09) mnm] B^m^nif cj p) 

(12) £M#fF4tfR (A) 

(11) ^12 0 0 1 -2 4 9 8 9 9 (P 2001-249899 A) 

(43) [^W 0] ¥^13f9^14S (2001. 9. 14) 

(51) [BR#tt^S»7JSR] 

G06F 15/00 330 
320 

13/00 351 
357 

17/60 176 
H040 7/38 
H04L 9/32 

12/66 

[F I] 

G06F 15/00 330 A 
330 Z 
320 A 
13/00 351 Z 
357 A 
17/60 176 A 
H04B 7/26 109 R 
H04L 9/00 673 B 
11/20 B 

\mm(om 2 e 
[tammm] ol 
[±wm) 8 5 

(21) [W«S#-§-] #02 000-62213 (P 2000-6221 3) 

(22) [mmn] ¥$cl 2^3^ 7 0(2 0 0 0.3.7) 

(71) [tBJUA] 

[f»SU#-t] 000002185 

\&ffiXiZgffi] MM&&)\\mk&)W6TB 7#35f 

(72) mm*] 



(72) \wm\ 
(72) [mwm 

[nmxitmm] MMU^)mw a )\\6rn 7#3 5^ y^-^m±^ 

(74) [ftlA] 

imm-f=r] 100101801 
[#&±] 

It— ra-K (##) ] 

5B049 
5B085 
5B089 
5J104 
5K030 
5K067 
9A001 

[F^-i, (##) ] 

5B049 AA05 BBOO BB46 CC03 CC22 CC36 CC39 CC48 DD04 EE03 EE05 EE23 EE56 GG04 GG07 GG10 
5B085 AE23 

5B089 HA01 HA06 HA11 JB14 JB19 KA12 KA17 KB13 KC58 KG03 KH30 

5J104 AA07 KA02 KA04 KA05 NA03 

5K030 GA15 HA05 HB08 HC01 HC14 HD01 HD06 JT09 LD20 

5K067 AA30 BB04 DDI 7 EE02 EE16 HH11 HH24 HH36 

9A001 CC03 CZ05 EE03 JJ01 JJ25 LL03 



(57) mm] 

mm] mm. ^^mu^wtz^^m^m^M-r^M^y bv-tz^Ltz* yrt^, 



[11*^83 ^l5±<S^feJ;i;frlE^^^K^*3V>T^$n57 f --^fi, ^ttiiflT-fey^ 

a >x<Dtt$hte± v 3 >m%m^x^4mm&fj;£titz.7 £ --?x&z z b *mwLbirz>nJm 



wtt&mtLx, aiKiflits'^g ye©*ta4t yj/a xi^i, fufe^-§-^stt, 



[11*92 1] MsE^-t^^^^^i^iil5±{M^^«a«, ^HBf^-^^ioT^ 
Bf-^-fb^J^tf n £ m IE p - # /M* y h V - ^ ^ y $ 7 ^ - * 3M£ £ 7t tefflf ^K^#:-r ^ * 7 ^ - * 

[»*92 6j mmM^mm^Mir^mmmn^mm^^\.xmm^^^-^^mm^m^^y 
or, tufs^^t 0 ^--^ • 7°n^^A(i, v-}?x±^?frtbMm^&*frLxmm£tizm^®m 



[o o o 1 3 



[0 0 0 2] 

tz<o. h^^m^w^^-^\z.^vx^^Ti-y^mm(Dmm^n^ofj:t\ *vb9-?*mz 
tLtftnfcmmn&i&As tr & o -c # -c v > 5 „ 

[0003] jyfrfticte, #®€«^>tf-f 5»P, ^ yffy^f of- -t^^fM^t- br 

rtifecDf— fc^fft^f Aiijov^- tffl»a, Pffiif#^o#«ft«rffif*S:a»i-5ritcJ: 
[0 0 0 4] 

[0 0 0 5] afeOaifll^Sr^UySif— t^^#^x^-C«, *y M7-*«5E£^UtiJ- 

^n^tzib\z^x(Dm^\z.mt(otz^<D^^^-/v^m^^b\^ m^/hSHb^ 
toe>t^L^fc©tii4v\ m^mkf>mmttj:%mmzio^xtez<Dffimtemmktez> 0 $ 

[0 0 0 6 ] ±$?)Fpmft, irtet>hV-\?x&&ft5ttmm^XfcMt§ofrib<D* 

[0 0 0 7] 



[0 0 0 8] ^^^ii^f¥^lr^t^i^-fc^^#t^^xA<7)-^^|^^fcv^T, &&fiE 

f — tr * ± y * & j; vmm±i±mmtmimm^&zii t , luisf— if* ± y ? & £ u«fuiE±#m^ 

<5o 

[0 0 0 9] ^PJ(7)aiff^^^tfcf--fc^^^^7 L i=^<7)-^m^^-^5V^T, SufE 

[0 0 10] ^PJ^f^^tfc^-t^M^i/^xA^-^SIi^^VNT, MIE 

[0 0 11] £^ ^PJ^iiff¥^^b^^-t^^#tV^x^<7)-«^#^^T, fufE 

[ooi2] ^mm(Dmit^^Ltz^-if^mm^^T^(D-mmmm^^^x, mm 

[ooi3] zb^, *mw<Dmm^&%frLtzv-\fxmm^x^^(D~mMmm^&\<^x, mm 
v-¥x±y?&£vmm±{m^?$^&\<^xm$:{t ^sf-^it ai^iim-fe^^a yx<»&% 

xx^mmmmn^m^m^^xmm^ti^-^it, %mmit± y ya yx<D^wz 
[0015] £^ *mM<Dmia^tk*frLtzv-¥xmmy^2±<D-mMmm^&\<^x, mm 

v-\?**&mir%mfcxh%^b*m'®Lk-rz> 0 

[ooi6] $b\z. s ^mfDmiB^^^Ltc^-^^mmy^^-mmmm^^^x, mm 
^-±^±.y^^.xummM^mm^<Dmmmm^ ^mmm^^K^-xmn-u mm±im%s •- 

£^xmfti-%mj&xhz>^tz'®mbirz> 0 

[ooi7] zbiz, *%womis^mzfrLtzv-vxm&yxTJ±<D-nmmmzte^x, mm 



loo is] zbK, *im<D%2<Dwm\&, M®nmkmz-tt^%um^n*mt^wt*ft\,xWi 

(D%{tLtz^kmmm&, v&rimwmt Lx*tz\mm±immc&^xm^Ltzm%-fflm 
tmt un^- ; h^-^^y^y^-^tzmmmmmw^LxmmumMmmm^m 

[ooi9j ^mm(Dmit^^Ltz^--h^m^m(D~mmmm^^x, mmv— 

^y7iztetf%mmfrf&±Ltzm&\z<7>^mft-tz>zb %w$kt-rz> 0 
[oo2o] isb\^ ^mm(Dmm^^Ltzf--^^.m^m(D-mmmm\^^x, mm±& 

xvmummzmfti-zmm&mxTyyz^u mu^-^mm^y^ix mmmmm^Ty 

[00213 *mM<Dmm^&zfrLtzv-¥xmm%fc(D-nmmm^te^x, mm±& 

[0022] zbK, *mm<DM<$^m*frLtiv-\fxm&%m<D-mMMmz&^x. im-9— 
tm^mmf- ? ks» $ titzm&mm? t , m&.±.mm*. it \zmmM&m&fr h %.m-rz> 
ioo2 3] £f>t£, ^mm<Dmm^^Ltz^-^^^m<D-mmmm^is^x, tuisf— 

[0 0 2 4] ^IIBJ^afs^^^Lfcif-fc^^^^-^^^VNT, SfilEf— 

lift ir 5/ a VX*<T>h^W& y > a >m&&J$ U S&fSBf #«i31fi, Lfc-fe y > a Vfcfc; J; § 

[0025] *mw<Dmt$^$k*frLtzv-vxmm*m<D-mMmmK&^x, mm±iiL 
m^tzimBmmMmm^^Tti^t y nm^m^ir^T-^&m^it-r^mt LXs mm 

ffirs/Va yX<D^Wj:±y^3 >m&&&U H&IBflf^afl, &JifcLfc-tr yi^a ^»i«t5Bff 



\?x±v?&ZTfmm±t±mm$omimmiz, Amm^tt^zoxmnv, m&±.im$&&z 

[0 0 2 93 £^ #3gl?J30&3tf>{B!l®f* % ^^h^-^CTfS^^yx-^^i, Bf 
[0 0 3 03 £<b(-> *38WO-^>-if^#^ilo-3j|Jtetl*lltJ:*3VNT % tfIIEBt-^to3S#^«gj|Ef- 

iwt#^, Gainst ^^v^n^a^^ic'b^Brti^^SrWi-s - 1 *m&k-$-z> 0 
[00323 i$b\^ *%w<Dm4<Dmmz, m®MMtmmKMi-zmmtfjmzmm^&*ftLxm 

ftt^/n^yAlilMoT, iffi^Vt'a-^ • ^P^Ait f— fc**ir ^ jiff # 

[0 0 3 33 *^PJ^4^iJ®{^^7 e p^7A^^{t > 0iJx.«\ I^/^p^Ao-f 
*^-e«#t-rSj»fr-e*>5„ j^frtt, CD^FD, MO&WfElftKft\ fc<5Mi, ^ y H7-^ 
[0 0 3 43 :©i^j:7"n^7AiW|j:, n^t 0 ^-^ • i/*7 L J±±.xmfe(D=iy\i°x.~-? • 

tmwzti, *mx<Dm<DMffikmmnft%%)%:$:nz>z. k&xz%<Dxhz>o 

[0 0 3 53 

iambi £xfiv-\?x±yf\znK\mmm&m?fu mim^ommzmn-tz 



[0036J *%w<D£t>Km<Dn&}^ ifcm^m&i*, w^-r^mm^mmm^mn-r^mmcm 

[0 0 3 7] 

^-y £ m&fctti-zv-K*x*m&-rzi-~-'t*x±y? 1 o, y—^x±y? 1 ob^-^m^m 
*mft-?%-*~- vxwfrmmt tt©±w2o, ±&m&2 o^mlt, -v—v^y? 1 o 

(Tim/IBr) 3 0, -9— t**i?^l0£±ft^2 0i£^ 
ttfg(s]#U CATV0H, fl, M^, hm<DftU*y h!7-^ii{f^, ±fi^2 

0 £fjjlj$l*f#»m§g 3 0 t©W^ 0iJxtt\ IEEE 1 3 9 4, U S B^cDiiff 

[0038] m^\^Ltz&mf&^m^^xmMirZ) 0 *&w<D^-VM<Dm&\z±Mm2 o ^ 
mmz-o^x®,w-tz> 0 

[0 0 3 9] <±W>t-t^Mgti Lt(0±W2 0[±, 1 0 i^ISE 

3 O^fbf— t**ir^ 1 O^fD^fx-^^^-rSfc^^^^-r^o 
[0 0 4 0] M2.i--tfi^2 0<Dlfj&£^1- o ±ft1«2 Ofi, ^-^SrStt5*J^*f*ttlS3 
O^Ma-^/^y h!7-^£1fj&1-3fc&M^ib;ix6 I EEE 1 3 9 4 (T * V Xm^M 
^gfc X ZWlKfflfe) ^USB (Un i versa I Ser i a I Bus) #£<7M l/f — y^—x^t LTOp-^/W 

^^7^-^2 0 8^^, fa<Dm$st<D7 i -?mm^Mxhz> 0 ±.\tm^2ot^— t*x±># 

1 otommtm&mm, ^-tv^u trail, mmu, Minn, ^^-^yTO^^ia 

[0 04 1] ±{i«2 o ttnt^b • mm^mtmrn^n owmoict Lxom^tmm i c 2 
0 5 «^5 0 ^(D^imm 1 c 2 0 5 

^^^TtgTfeSo lCi:ii±W2 0@f©Igijf KID) £&^1-^Eii¥l££ 

19 , $ffi<DMm<D&\z.z<Di D*mm-tz> 0 Ht#^ • f&tEiiif 1 c 2 0 5 ^*»e> 1 d 

<nm%Wkx.^ftX%t£\,^ 0 i:SAM (Secure Application Module) t LXM&Zti&Z tmiltV 
- [0 0 4.2-3- Rf^iilSl C 2.0-5 Wl|&i$.tl6i^ I -Dtel*— fc**i? V* 10«t, tf 



[00433 &mmmfirttz*mi-z±-?&mktez>, ±.mm2 o &$t<D<&Mmt%mm<DU& 

So ^WltiEBJ^^fllT^Sil^^tTltP, ^frtyZmmm (C A : Certificate Authority) 

[0045] ffife<D^mfc£zm^{mmiz.£^xmm^mtm*T-?izm-t- 

(DtLx, -^(Dm^^fD^—fim^m^mmk^x, m^^mm^u^m^mk-r^h 
<Dxhz> 0 MZ-tz. T-t^imztefflmkL, m^-mzwmmk-rzo 
ioo46] R#-sNi^ m^mz.&momzm^^frtyz&mm^ttkmte'o . ^mrnvm-tt 
x\*mmz&'o i &m<Dhzm®mtes m^<o 1 x^mxit^^tz^mco^m^^xmwx-h^o 
*?u &mmmtt&*&mmm*iktt\z&&Lx7-f&m&&&m<. mmmmim. 
* /us* mof- ? *<t»& v < m v * ^ tir v * 5 0 ^s^^^ft^ft t> ^ & r s 

A (Ri vest-Sham ir-Ad I eman) B£-S§-^£>5 0 ^fc\-$ft1?;\z^t£2^<DmWi (Mz.lt 1 5 0#t) (Dm 
*m\,^h(DXh<9 , ^ti2o©it (^J^Lfil 5 0#r) (Dm^mm&mtt&fcmomMZ %m 

[0047] ^HiiBt#^t?tt N ^&i£&mz.&Mm*fem^mkirz>mi$,xM , ms-r^m 
^-i"it^mmimm^hmM<D^m^^mx^mm^A^Lxxmm^^itvxmm^A\zmn 

[0 0 4 8] ^mmmmit, ^mmm^^^f^mmm (CA : Certificate Authority) 

isfiE^(Z) i D^#^ps#(Dtt^^f^pL, z bimmmz£%m%*ttMi,xi / ff&£tiz>mwmx 
[0049] ^piifiE0j#(i, sek#^<— ^ 3 ^## x mmm (ia) ^fiE^muffl#^*fu#j^ 

[ 0 0 5 0 ] m^S^Jiv JGE9H?e>'<-- ^.3>#.^ -»liEJ^S|E|l|«3NM#^^ - 



1005 1] ssEjgtt, <&mmmm%mni-z> t tt>iz^ ^mmmtnt^mmmmi's.mu 

Revocation kW&) ^<D^M^ffo 0 

[0 0 5 2] -3r % w©^llira#^fiJffl1-5l^(c« N fiJffl#ttiS^ift»t* <5BBE«O^M«IS: 
P£-*Hfcii{f I C 2 0 S^F^ffiS^^ y tC«Hjft$tLXV^S 0 

[0 0 5 3] ft**, iffiHS^Mi, f— tf*ir^* l 0i;tLtiMt^trt5 

[0 0 5 4] £fc, ±W2 0(t ai»[o«iojiads»#iPrtB-e*> «j , «Sdsgstti-«f— tr^-t^ 

[0 0 5 5] ±#«H|2 0&, TOlff IC 2 0 5OMm £^ ^ 7 L 

fciijfM, i2'it^g2 1 o(DT-?T?±xmmm<D&m&m*Mffli-ztz$>(DCPij2 o 1, i§ 
2 0 2, mm^m^^^-^ni-^m^-^m<Dm^n^om^2 03, ^— tf(c 

<t^iifs^^o^^nT|gi:-r6^^2 0 9, ^-Kx-r**, CD, D VDll: £oT«c£ 
ft5fB'Hi£M2 1 O^mz-Zo 

[0056] tsb\z±mm2o\%^ mm*m<Dmm*mmi-zmmmmn2 0 4ttirz )o m^m 
fias204it mgi#fc£;yiffc*x;^xV*T*fc^ fcs^ra: 

$e>IC±W2 0ft ^y-^TO^, FD, CD, DVDOJ: 9 &ti#fS§ig£#: 2 1 1 \Z.t* 

[oo5 7] <$ij^»^ (Ttt»ss) >*a»»*«« mmm) 3 on, tvu^vvy-? t 
<Dm.mmm^$k*ntc.t!:\<mmx*&<Q, ±{m^2o^u-^/^yh^-^^drLxmm^ti, -y- 

[0 0 5 8] 13^ M4»C#J^^«I« (Tffi««) 3 OO2o<D«^0HS:^-r o |3lt frJ^**^ 
« (T(t««) 3 0ii\ ±mmkm$li-5tzlt><Du--jj;l>*y h7~? 4 ^?-7 3 0 7 
^-r^li^c-efe^, IWD-^y h!7-^^ 3 0 7 %frLX±.lim%52 0 

. I q.o 5 9] -jj^ m±^irmmmm. mmm 3-0 ±fi«^ 5 fc - * 



[0060] (Tim%s) 3 o<omm^^xmmir^ 0 m£.v>*>?'(ym<Dm&, 

%Mf&-f%ti!bI EEEl 3 9 4 SB (Universal Serial Bus)^<ZM ^-:7i-*g&£: LTO 

[0 0 6 1 ] $ij#p>?f#Mt^ mmm) 3 0 (4Bt#^ • mm^mmomm^n om-m<D\ct ut© 
Bt^™f 1 c 3 0 5 zm^z>o ^(Dm^ritmm 1 c 3 0 5 it^mmm^^t^mm^^^m 
mi-ztzwz&mtemwtfvjmvhZo ^itmit 1 c 3 0 sizteMm&tt&t&mm^ 

[oo6 2] temmn^ttzmm-fzhx&Wtbtez, temmtw&m<Dt&&&x**<D<mm\z.tt 
&+z<mmm&m\ttmmttmm (rwm) 3 0 com^imm 1 c 3 0 5 <Dftm* * y kie 

fr^SfPiFJ^ (CA : Certificate Authority) ^3§tTt/t *><D-?fc£ 0 ftfe, frJtWiMigs (Tit 

mm) 3o«i, t^-irv^i o\LMLxm&&mznft-tz>mz%rti\z±^ 

h^t^-\f^±y^m±^vxzti^iBLxmm^^^m^tLXhi:<, rwi^, ^ 

Stc|i<Z)*aS:3EJE't-6 - b%*fmt LtzM^t LXhX^\ &4b\ if- t'^-fe^^ l 0 O^HMHH:^ 
fc^^Bf^biifs I C 3 0 5 wrt»p<*y lc|B»$tL-CV^o &*3, &Mim*tt<Dfr$:Wm-r 

3 o (Dm^mm i c 3 0 5 <oftn* y izfcm-rz> 0 ^iMM^^m^ (T&mss) 3 

o^fisij^- (id) icMLtt- t^ty^^ttt) «kv\, 

[0 0 6 3] $J$ltt&tig& (TflfcHMB) 30li, $ ffiHHbilfi I C 3 0 5 (P&Sf&lftU ^ 

CPU3 0 1, mmir~?<D-mm, »n^yA©|&Wi ITiitSRAM, ROM|(I 
=toT«^$tl5^^y 3 0 2, W^Jftf^Sa-lf^^i-Sf&^-^^O^Srffjfc^*^ 

303, ^-wz£zmmmtem<Dm7FZ-^mh-rzwifcn3 o 8, a-k^^^, cd, dvd 

[0 0 6 4] $ <b £fii!lffil#fttt$ (T(fc«&) 3 0 te, ^**(D^^^#ti-6«@^ 304 
^-T5o $&tC#Jfttt*flt$ (T«) 3 0(1 ^y^T^f^, FD, CD, DVDOi 
5fctt*lEft**fl5:3 l 0l;ix-*£fStai-5J:5fc«/£LTfc<fcv\ *<0«te\ \mtmmW-3 l 0 
t©^^-7i-X3 0 6*m*-Z>o ii^t77^yS©i^, r<&tt«|Bft&fls3 1 0£^L 
TiJ— fc^i?^* 1 0a>b<Bffl»1W«$:gffi1-5o M30^7-f >SMft*-Cf±, p-*^yh!7 
- -*&4H-5ri\ fc5-V>ttMI5^fr3 1 0 W-r^^fet^H^^-So 

[0 0 6 5] -f&frib, M3.^^V7^^Tfi, ftJ»iM« (T&ttHS) 3 0l4t- 

2 o 6 <Dmm.mti$:m%Lxy— 1 o tmwnr% 0 ^<Dt%mim\ 



3 0fi^(DT-^^±ft^2 0T^IE^#:(C|E^L, ^(OtMlS^^^^^a 

[0 0 6 6] fc*3, ±.mL1tm3M>y^>m. i4^t77^yMMt« 
3 011 Bt^biljf I C 3 0 WHWkfel© ^T1!Bft*j££ L Tift 93 TffcHSS 

^H^{«^SiJ^- (ID) ^iSBaESr^T-r-So 

[0 0 6 7] <f— bf^ir^^>f— tf^ir^^ l o (Dmf&M^m 5 tc^j- 0 -y— tf ^ir^^ l o (2, 
h7-?Jy?7^-X 1 0 5*3i«^aff I C 1 04, f— 1~ ^^fflx'-^^-^ 
10 3, «tf ^x-^-<-^ 106, m%%tttn7 t -fi'<'-X 107, CPU101, ^^no 

[0 0 6 8] ^imitl CI 0 4te±itm&2 0t<Dm\5&£TfT-?(D^^ f— f^SHHjJt 

(ID) #!5&£;fc/r*5!K -nttiififfi¥i^5#^^Offi2SIiEW|S^Jffli-5 0 

[0 0 6 9] t-my^io onS-JHtilfi i c i o 4 f±^M«mt#^=S:^<ttJ J *ii«tmp#^S: 
vxtt&G-itffltomifr (id) ^5B«i^ir(offlf#^i&*ft$ttTv>5o x-^iif&^*3v^T*iiii 
-^-<-* i o 6m*MrtUT*5< 0 

[0 0 7 0] flJffl#tf^X-^-<-^ 1 0 7(C«, f^-fe^^ 1 ofrt><oy— lf*©«0(r&£tt 

(ID) ^#flJffl#^^tt^^^^^$t^xv^5c ^^1^7-^^10 31:11 f- 
-t^^ffi#t^^f c ^^M^x-^^^$4xT^?) 0 CPU10K1 PfrSHttM I C 1 0 4 <0 

»«rfT*V\ ^!il0 2fl ajf^-^O-BtlStt, feS^D^^^^Mt Itiit^RA 
M, ROMAIC «toT«^$n-5o 

[0 0 7 1 ] [B|P^ -BIIE^/W] ^0J^ii{f^^^Lfc1^-t^S^>^7 i i^^C*5V^TfflV^ 

[0 0 7 2] 06tt*»Kfc*5»t5f--tr^*^^lO^±ffi«M»2O, frJ»#M» (T<fcttM») 
3 0 i^r^^^ftliBt^b • ^w^&SfcfcfcfcW-CfcSo 

[0 0 7 3] f— t^-fey^ 1 0b±.fflffl2 0b\**m*y h !7-*T8H*$ftTV>5 0 ^fcBf# 

H»tctt««BI*>-5. rfcfr'fc, (l) flJflP*Nfe*IS (T{»£) 30^n-^yH7-^(:^ 
WC43sW«l«**S:#fUffl-C#6«#, (2) #j?P#ftttU£ (TM) 3 0*B-^*yf!7 



prH^*5o &*>\ (TffiflMI) ©«M»lD«r#IiB-f«ii:»!:J:9 % ±ffi«S«ET<B 

,[0 0 7 4] [i#7n-] ^ISMWiift¥©^t^-lf^t6^^xA(^f-t5±te«l«2 0 
:fcJ;tW&J$#fc#£ (Tffl&£) 3 0©t-^t^ 1 O^lJffit^jIPgf— fc^(Dg^S(-o 

[0 0 7 53 az^Mj^^0»-t^^ 
t\ mx~i o^m\^x^%m(D^-\f^mwy^j^(D^(DmMmm^mn-r^ 0 

[0 0 7 6 3 £1% l7Q7PH:^tJ:9l:, ±{fc»&2 0£*y M7-*£^LTir— if**^ 

■^^^n^w^^tt. ^7y7*s 7 o 2\z^irigmmu<DXTy7'\z.&z> 0 m^mimmy^- 

%m7_^-f a c*u2±ft1&8&2 ofcit;t-^ty^ i o^tesfciiffts^coiES'tt^m^-r^ 

[0 0 7 73 I7l:^t, KSE^p b^/^^Htt-r^c^fci "9, 5piE**MS^-if^S:Sttfe«J, 
t-k^ty^ioi ilo Tilfi £tT 9 £ £ £l£ C r t &X% Z>„ ^7y7*S 7 0 2 0tt&BiiE££ 

3pJffl#»ftSrfT5o 

[0 0 7 8 3 a8.^^i"fiJffl#Sft¥ft#-ett, f— 1 O^iJffl^tf^T-^-* (M 

mm^&w^m&m (^7^s 8 0 2) mt? 0 

[0 0 7 93 lilt ±«#fUJS#tiMSL ^Rffft^, * h#*$<0fUffl#ttttgX#tt#£ 
fy^S 9 0 2) <H?5o 

[0 0 8 03 ^Jffi#fflf$R^S»dS^71-«t, ^^^^PI'P^iJffl^liEM^^tf^ #Jx.tf^ 

— ift5. 0 .-.;:^;i:EE^^ — 
mm^mh Ltzm&it, m^xmM&mtit&n&n (^7^s 9 0 3) *fio 0 eu^^ta* 



[0 0 8 2] [#ynhn;W:o^T] 

[0 0 8 3] 3feoa6.-ctftW bfc J; 5 fc±(fc»» 20it-^ty^ioi ©Mttt, ^WHuf-^ 

m&s%<D4kmmk®%m<Dm&hbfrzfr±iiLm$s2 oohshhum i c 2 0 5 ©rtSM * y 
jw$ttTv>5*&^^, mbwu^Bt^ami C2 0 5o»^j; jc*>e>^c«)»jW-e:i*, f— 

[0 0 8 4] Bll , l_L2.^MS(do^TtftPJ-r5 0 Kli^tT^i^ J:W2 0lit-t' 
1 0l£ttfc£S«M*&g3fc£i£{rt5 o f— t^ir^^ 1 0 tegjfrlofc*. hfi^mxhfiif, 

(id) zmm-ts. 

[0 0 8 5] ±im&2 oiit-wty^ i o^f>If)tittfct-^ty^isijf (id) 
•fcO-fe^fcHi&U fc^-fe^^ l 0fcg#O±t£«««SiJ^ (ID) , tt^&£tfgtM*liE 
PJ#^f-f^o ±ffi»S2 OGXfrlHfcaM I C 2 0 5{C{±f— t^ir^^ 1 0<D2:Mm&mfl£tl 

r*3t), f— if^-fe^i o^(D^^f(D^^c:(i-(Z)^^^fflv^T^{f7 :: -^^H|p^-r5o 
[0086] mi 2 tc^-rw<pj: ±.mk^2o&mm(D%&*&m-&m&Kte / jkmm 
mm<Dfrt> *) \zL±mm 2 0 vtz&mm*±^* ^mmirz> 0 

[0 0 8 7] ±{ii^2 0^f,t-t'7ty^ 1 o^iStex— f— t'^-fe^^ 1 ootemm 

vmnr4ki$tix^z<DX\ mmT-*^*ti%±.im&m%fr (id) , wm&mn? 

[0 0 8 8] ±&*IS8BBiJ^ (ID) ^<7)7*-*£gfsLfc-fe^>m, f— b^ir^i 0 
ftll^iffimgd^jg&nTtfcx-^Srtf^-t-So iflfcf-^t©±W» (ID) co 

^us:m\ e^ksu^ (id) -cfetifi, ^t7='-^^<D±fi^»j^ (id) , mm**** 

^Otg-^fcSVMiittmSHftS'J^ (ID) ©E^ttftSE, x-^^-^^^^^Lfc^tcKi, 

.t-^^^.i P{t±fi^.2_o^^.7--a^sr-7g-r 0 -■- 

[0 0 8 9] b . fcJ#P*j-#M« (T{4^) 



Sft£o fHffl*Nfe«« (T#«&) 3 0iSg«t5±fi«S2 0l4, rtf>3^££fr5 Mt-± 
tiHSSS2 0 ¥x±y# 1 or^T*o^EIE7 B p h=ywSrHlfiL-r*3 0, -fc ^o|HJTBIE*s 

[0 0 9 1 3 b-i. ^WiiHf^^^^7^^MTfM^^(c:^y7^^MT{i#^^fflv^6 

v>mfflttMm& (TfMts) 3 o (7>Bf -^-{biim i C3 o 5<Dp%to**viz.mk£irix^z&&ks z 
tibom&ffc^rikma i C3 o sortifM^yfctMfrfri*, t-^ty^ i ofcofciaas&gfcfc 

HI 1 4 IZtMTq 

[0 0 9 23 Ull 3 , B 1 4 ^3ltCOV>-rlftWi-5. 8^S&£fT5i&£\ S^MJW^^ 

2 Otef— tr**^* l Olctta«S»ISte3S#£**8N-<5o f— t**ir^ l 0lig*:fSie,n5 
'jKffi-Cfciifi, «Sa»B!*&Brti"Cfc 5 r <h £±<Mg 2 0 fcilfcrts. * LT±ffc«« 2 0 tt#t& 

[0 0 9 33 ro«S«»ftM^«aB3ai*PSrS»tSt5i:, M^iMS (TtiPHHB) 3 0l«MtI 
S#^MI«ISr±ffi««2 0lcj^fll1-«o wixS:SJtSJiofc±fl:ttM»2 Oit, ^tib^m?-? % 

[00943 mnnmm mmm 3 o^? ) it«2o, t^ir^^ 1 o^ift^n^f 

(T«) m\* (ID) , m^7-^^l£f«Lfc^ SfeKS^fcUI-SBrtBtt* 

[00953 mnzmxm mmm) mm* (id) m^-pz^itLtz-t^?^ f— t^-t 

mm mmm mm* (id) ofcif££m\ je^m^ (id) xhtut, msf-t^nm 
Wtt%m& (Timm) mm* (id) , ^a^^j;^iiiifiEPj#tL<«^TO^«rf^x- 
1 0 6\z%m-t?> 0 T—t^-x^o&m&iEmzifeT Ltzm&iax 1 0 

tt±te««2 0ic««S««ia^TiiftiS:iS-ro 7 :: -^(Om•§•$36V^ttJlf^:^I§^SlJ^• (ID) cOT 
il£p5rii|-t* 0 

[0 0 9 63 ±ft«2 OfcH— fc**-fe^ 1 0^P>Sfi Lfc^l^7il&k L < 

mnmm mm% 0 ._3_qj;$^t 5. 

[ b"d 9V3 b - 2 'xmrn^rttn**?* ymrim^mm^^mmx^-r, &mm 

[0 0 9 83 :Oi^^nh3;^il5l^f 0 r<75|§£<b, ±&^2 0 tt«*»ftM*&# 



m& (roam) 3o&w&&&mtbimM*a&%:imzt, mmnmm (T&mm) 3o«s# 

[00993 £<a#£\ ±ft#£2 otc&ffSftSttSSiD, ttla*^l^«ttl^p■^|•^k$i^Tv^*v^*s % 
1 oo^^Ht^bi-5o 1-&fc>*>, ±&#&8I2 o^-^^Bt^b^W-rSo rroi©Mlii 

[0 1003 b-3. ^m^^^7y^^§yT{i^^V^T^-77^^MT{i«^ft-5 

%ttzw8irz>±x*&mktez, mmnmrn (T&mm) 3ouM<D^mmtmmm<Dm^hh 
frzmmnfiMm mm^) 3o<Dft*ikm4Bic3 0 5<Dftn**v\z%M£tix^zm&ts 

£ Hi 7 tc^j- n 

[01013 mi MJ^L<»3(co^-cra-f s 0 (Tfi:«s) 3 0 8*&jkh*$r 

IB»j!£#£KiEl-5o W«ia»«E«c 3 l 0 ttWx-tf p< * y * - Kt?fc 9 , ^ * 9 KOKSU^S: 
(T&«) (ID) , M£&i;t^^tira« ( Mi 6 ) t>L<{*£M«i ( HI 7 ) 

[0 1 0 2 3 7*-*tei&6S^TLfc&, 1ft«fBft&#3 1 0 £f|iiJ»#M« (TftttlS) 3 OTffii 

»a»e>ttt>*u ±<it««2 o^*f5o ±wm2 oftmmm&2 1 1 (t^ie^f* 3 1 
io\zm&&m*tb9*t:mm*mmm (roam) 3 oowmk vxn? 0 

[0 1 0 3 3 if— Xttis* 1 0tt5*»cj«:^e>n*^l»T?ifctitf, ««»»WJte^tB^fc.5r 
±<£tt$S2 0(cii^g-r^ o ^LT±ffi««2 0fifl|«|Bftjftft:2 1 1 d^iK&LfcT*-* ^^Ot * 

-ir^^^^fi-^ 0 tfigfE^f*2 1 ifrbto*m$tiitmmn*.wm (nmm) mm* (id) 

to#\*itT-fi*mm*tfmi& (roam) mi* (id) <D&m*n\<\ je^k i Dxhtuz, 
%tBLtzmmM&mm mm%$) m\* (id) x «ia^*3«t^w«tras ( Mi 6 ) t>u<« 

^MH ( Hi 7 ) &8l»flWR7 ? --*'<-;*l 0 6^»fti-«5o 7*-*^-*^0£fSW s IE#K:il&7 L 
tzm&\a$, if- tr*-fc^* l ott±&«l»2 0^&g^Tii*n£M1- o x-*<D^fc3^te»P 
*Hfe#ISS (T&ttfcS) IKBU^ (ID) <£>:E^tttfefiE, x-^^-^^OSfik^BfcUfcii^Kitt, f" 
-fc**-fc>^ l 0tt±ffi»8S2 Ofcj: 7 -ii*P ±ti^ 2 0 fitt«E^# 2 1 1 \mm% 

# (Ttt««) 3 0(c#«)-r§o u»>ff« (t^hs) 3 ommmmmmMzn^tz^ v 



[0 10 4] b-4. #mmto%tt<n*7?4i'MTim8fr£Mmtttt&mRv%i t , &mm 

mu.-fz> 0 umnmm (tw) 3ottg#«§§iD, sr^aia^fr 3 1 0 

[01053 ±.&mm2 ote\nn^mmfc2 1 1 (=tmBmm&3 1 0) ^*$tts^, timiE 
mm>2 1 i^se^w^i-?) 0 i*#ts^f*2 1 1 ©bse^t ±.itmm 2 0 &tt 

^2 1 l^^x-^^fe^-t-^o ^7t, ±{»^2 Oft-y— t'^irv^ 1 0{C^^M^ 

m#&mfe-tZo t^ir^^ 1 of«*^^^tL5^-r&^«\ «ms»M^Frt6t?fc5- 

£ ^_h{4« 2 0 tciifti-f 6 0 _h{4» 2 0 nmmmmit 2 1 l frb mm L f:f- * if 

OO^Ii-CBf^bt, irv^^ff^o f#^fE®W£2 1 1 7&^^W$n^$y^l*ffe«l 
2s (T4tm%s) W.ftfr (ID) iWf-^^^s L^ir^^f^ &%<Dm®MV±.tiLm$$2 0 

tfcx-^irm^-r^o %<D&&^LftT-fi*<DmwMMmi8 mm%) m& (id) o^k 
iE^^iDTfcn^ sftu^*ij^*«iss (taduss) (id) , mmzzm^fii 

[oio63 m%smm7a b=>^i mz., i—\fx±>? 1 o, ±<m^2 o, umn^m^ (r 
hzr/Hi, T-^am^tT^9 2^mxm\tm^(DiE^^mm^5tz.mz.Mn^ti57vi±^x^ 

Ofc^kt LTfTfrtiSmglBfiE^n hn;^, $J$P*t&&& (T<£$3S) 3 0 £<£<i>i LXftfrtl 
SttlSKSE^P h^/M-o^T, ^e^tllftWi-So 

[0 1 0 73 a. ±&mgffl£-f\ ±&4»2 0 il^-t^ir^^ 1 0 tO^T^fT^n^HV^OIE^ 
ttSrfilKI-S^fSffiE^n h ri/WCo^-CtftWi-So 

[0 1 0 8 3 Ell 9 tcf— fc'^irv^ 1 0 i±fic»»2 0 £ ^«HBBIiES:fT5»^©^o h=t/^ 
-To *-f±ffi«»2 Ottf— f^-ty^ l 0K:a»IIBIIEHI*&5?*Sri^fll1-6, l ott 

[01093 ±ti«2oiit-^t^ i ofrb. mmm^m<Dft^^m-r?> ±mm 

2 0g#©««IDS:3@H§i-5 0 *0>8L l^—^ir^ 1 0^±ffi«IIS2 O^ora-elSSBfiESrff 
9, 4e2BIE<Z>3Mft# £ LTte, fctfctfl S09 7 9 8 fc^SftT^S^llfct £#Jffl^5r 

[01103 IS09798 <£>tl£MfIE#^# t LT, &M»lfr*#5*;-Ci>* 1 6 0 \fy h^OtlR 

... TE.C£&»,^1-^^^^ .HilM -xt 1- 6 o - 

[0 1113 *1"BiS, 64t-^h©atRb^l, A^m-r^>o Ztl&£te LfcAte, frfc 



£6 4 \fy h<Z>£L$CRa:fcctT>*$?i&:p «t U/h$V^i§L*AkSr^fifc"t-5. ^LT, ^^yfG^ 
AkilUfc^Av=AkxG^ft, Ra, Rb, Av (XM^irYM^) 5 A. S 

j/ k AvfDxmmtYmmt^ti^tii 6 o bxhz<DX\ -g-tu 4 8 if * M^-rsm^i- 

JO 1 1 2] ^5MWiEW#«rjpJffli-SRlfctt, f(Jffl#ttia^iSy*1-5^MIMEK#BttEJ» (CA) 
[0 113] A^Witra#, Ra, Rb, Av, M^ZA. S i g £gff LfcB te, A&i&fa 

^mmmmm^m^m^^mmmo^mmx^mL, A^mm^M m-t a ^lt, sotbtfc 

U-CBBEi"*„ 

[0 114] Bte, WMp «t D/J^V^SLjRB kSr^-TSo «t LT, -<-**V y h G£B k 

fL^Bv = BkxG^ Rb, Ra, Bv (Xlf^Yli) IdSttSiff^B. Sig 
«r£fifeU B<&&M«GE9i*i: £ 'M-A^l^-fSo 

[0 1 1 5] B©^WMttEW», Rb, Ra, Av, «^§£B. S i g ££flT LfcAli, B^i£f§ 
LTtfcRa^, A^^£Lfet>©i-SrrSd^iEi-So -ffcLTV^fdi^te, BO 

B^M«t*fflv^«^*^B. s i gzmtirZo n*m%<7>iikmzj&$}Liz'&, a^b^ie^^ 

lo 1 1 6] m%t*m&\zj&#}Liz.m&\z.^ BUBkxAv (Bkfmtfc^, A V mtR«± 
(D&xhztzfr, mv\fon±.(D&(D*iJ7-\m%ft&m £f+nu A(jAkxBv»u ^ 

fig -*Hfc $ ft 5 ff -eft < , tmt#^ti5ri^fc^ 0 

[o 1 1 73 m^mzftmE^isT*-? <Dmt<Dm^ to, ^-^mo^ofc^td^, 

*3, x-^ORf^tfc&gftirs'S'a >H(D^(if— t^irv^ 1 0, ±#«& 2 0 &#fT 
[0 1193 b-i. ^>"7^yMT^^(cf— t^ir^^i 0tty7^fyMMtK 

[ o-i -2 .oj s >- %4 ^m&w®i$mm m&mm 3 &&±mm 2 e\zmmmmm^m^- - 

*miti-z>o ±.im&2 ofcmmcfcz_btiz>wmxhthit, m&mmmte^mxhzztzmmtt 
mm mm®) 3o\zm*\-tz> 0 nmnmm (tmi 3 oi*±Mm2 oK&*<Dismi 

D£&{f1"5 0 ^LT±ffi«l«2 0^$iJ1tt*t*«l« (TflH&SB) 3 0 £ (75|B]-ClSSfiEESrfT 0 o 



[0121] £*5, ±imm2 o tmwtt&m (nmm 3 0 k^rnxomsmm^ mmw 
-tf*i?^* 1 0 t±te««2 0 k<DW<DtoEmmmk lx&w Ltim2_o<D^mm^jj^(Dm 

[01223 &mm**tt&m^ftKimj3W:*, m2_2*m^xmw-tz> 0 m 2 2 te&iigmt 

£>5 0 BI2 2 fcj3l^-C\ A, B©V^ttJ6^s±tt»»2 0, fl^dSfflfflftftftli (T&«») 3 01: 

[0123] ^f, B#64iry h<OMcRb££fifcU RbJb^lBO I DtfcS I D (b) £ 
A{Ci^S1"-5 0 m^flftfcAlt iffc(C6 4 Ify F^aicRa^U Ra, Rb, ID 
(b) (Dm^s DESOCBC^-KTltKa b£j3^Tx-^£^<tU BlzM&-tZ> 0 
[0 12 4] mSrSfllLyilBtt, ^7-^iKabt'ifftt5o Sft^-^fc-JH^Sstt, 
ST, Bt^El^HKa b-etg^L, SL#Ra£#3„ Bf ftE 2 SrilK a b T'l^fbL, 

Ztofe&k E 1 .S:$Nfett»3?n U R b £r#<5 0 ft^ UtiE 3 £|tK a b "Ctg^b U Z<DU 
5kkE2&9m$)1immL. ID(b)^|5 0 ^LT^ktlfcRa, Rb, ID(b)©a Rbfc 
i^ID(b)^ B^mtfet^^-S:1-5^iEl-5„ CO&iElCi§ofc#£\ BfiA^IElft 
LTBBETSo 

[0 12 5] jJclCBIi, BaE&fc&JBTS-fcyv'ai/fli (Session Key (J^T\ Kses^) ) 
££l?!cT5 SLf££/B^5) o ^UT, Rb v R a> KsesWlSC, DESWCBC 

KT'ltKa b£ffl^Tltf#{bU A^ig^TSo 
[0 12 6] :ift£g{f L/iAte, gft^-^SrfcKa b"C«f{kt5. 

B<Dt*JNb&££l^«-C&5©-C, ^T^i^ffl£€B&T5o ^Ht^ilfcRb, Ra, Kse 
sOrt, RbfcitFRa^ AiS^tfetWt-Srt-S^SE-rSo ^&fEfc:iiofc$&£\ Ate 
B&jESftfcOfcLTBSETao l>fc:t§¥«:BliELfc«fc:tt, t r >3^ftKs e s tt\ BtEftD 

[0 12 7] gftx— * <D$iM.<Dmz., ^fsE, ^— S[^JLo^ofe»^»CJ4, ftSBBEtf^Sfc 

LtzhOt LX&mZ^M-tZo 

[0128] ftsmmtff&*birti& s ±{tm$s2 ote*)—\?x±>? i o\zMLxm&$m.tote%M 

htii*. ®&&mMte^mxhzzk&±im&2 oizmza-tZo ±.itm%s2ote-9—t*x±>?i 
o\znmnmm mmm) 3 0«iD^m o ir-ct-^tv^iottTttamo 

i oo^o^tf^x-^^-^ i o 6\z&&&tix^zi>)^fr& : ?zzy?i-ztimk Lxmnzn 

5o m&ID<DjE%&&1iE&lEmmTi'5k, iW2 0lilM« (TfifcfcS) 3 0i^ 

mm^m^ (roam) 3 o t<Dm<Dmimma*m^Lfo\ 
[0129] 1 0 to^iijff^pi^s^T, mvm&®& (rimm) 3o&±> 
t.tmmMM ux&mm&fi*u- muBiiau. ^xtfi^^m^- -^ w-^ ot — 



mxh6 0 nKmm^±yi/B^m<D&m^&Ltzm&iat, ±^?i$Tim^^7-z&-t 0 

a^p-r^o •tv^s.ymmmtt&mm mmm) 3otv— 1 o<Dmx&Gx%ti&. 
^v^ymr{m^^mxmm-r^^m^^^x±im^2 o t mm\m o zt&x% s 0 

[0 13 03 fcib\ Bt^b^tl^^/c^v^^^ 3 0^l:it mtf?^* 

[0 13 13 b-2. t77^ylTli»c, ^^^^vMTfi^^^BE^D h=i/Wco 
[0 1 3 23 t77>f (T&ttSSS) 3 0ft *^^ffi«IB»«lfr^Tffittl«t-^ 

[0 1 3 33 ±ffi«H»2 OttttftfBftfcta&s-fcy hZtiZb, if fclB^ftORiE&fTofcflL 

mft<DfettoT-*\zm^xmn£tiz>o ««iBfl^«co±(i«s2ot«««i*t*«« (r 
3 ora-eo^ft^ifefentftT^, tisra^^-rn^ ±{fc$&2 oiiif— ir**^ 

* 1 Oli«il^^0Ji^« 3 0l:ftt)ot5*t5, f— tf^-fe:^ l Ote 

[0 1 3 43 ±ffi»»2 oteif— tr*-try* 1 0^JW»^ (Tfi«) 3 0*ID 

2 0 i ffisBBBasfc i y > 3 ^o^m^rtT 5 , lp Lmom&tim (rmm) 3o^t- 

WW, ^S^CTfl»#IE»jKfrW±te««2 0^«y»M*^ (T<fc»S&) 3 0 W-e^ftiSfi 1 ^ 

J# f Mtl^^i.^^Jii^^ .CTfl«MBBL - 3.0.O^iai v -M^-!Z V-^-A/-^ -!7- 



[0 13 5] [fiJffl#S^ flWRXH^c ha/v] fUffl#*^»i»**Wf(lffl#ttP«Sr^ 

[0 13 6] a. ty7>f ylHiS*f±fiiS2 o^iytyy^f 

^2 0*5it>*^^7^^M(7?»^#^ (Tffi»S) 3 011 r«gj t^1-5o ttlSttf— * 

fUJB#flML BiD^t-t'7ty^ l ottrtwfiJJB^if*?*--*^— * l o 7tc3»f<5o x- 

[0138] ^jb\ (Tffi«») 3 o&m*<mm*ffiz.fo^m&^ Timmt±iSL 

[0 13 9] fc*5, -t-CtCf— If^-fe^ 1 OrtOflJffl^if*^-^^-^ 1 0 7 fd5pJffi#W^SS 
. . _ CM^O/n.fc g/V^ium. . - . 

[0 14 0] &jb\ (T&8SS) 3 o^Bf^ai^^^^v^fi, Tffi«St±fi: 



[0 14 1] b. ^77^^MT^^V^T^77^^MT^M^O#^^OV^T^Zli-<?, 0 

[0 14 3] iW2 0fi$iMW 3 0^^7-^H©$^t-t^ty^ 

m*x%m*\m%Kmm%iD&&ftu tmrn^iD^xmrn^mm. mm id 
zmft^mmT-?^-* 1 o 7 (cg^-rso 

[01443 -^-fc^ir^^ 1 o«x-^-<-^^(7)^#tf#(7)^m, 3W§-i D^mmnmrn 

±>* 1 0^bMS^T»§:^{«5i:Bt^b$nfcfiJffl^ I D^ff#fE^f*{c^-t--5 0 Z<D 

[oi4 5] m^. mmnmm mmm) 3 oimmmmmm^m^otz^it^tifzmm 

(TffiflMS) 3 0«li^3 0 3 (Mi.#fi?J {C*5V^THft$tt5o -n-CflJffl#«^^f|J 
[0 14 6] (T<fc«S3) 3 O^^b^fg^ii^^v^fi, Tffi«*£±te 

[0 14 7] ft*5, t**i?^ 1 OrtOflJffl^tiMRx--*^-* 1 0 7tC3pJffl#i»a^2 

mztixtev, Z(Dinmzm'£'fz>m£ia$, &m^m%<D*x~m%% id zmn-tzzk. 



[0148] ft*3, mnM&m (rwm) 3oam^imm^m^^\t. nsamt±m 
[0149] imm%mmttn&&7v h mm^mi-t^ftib\zm^<^<o^m^^ 

n-fs<x9-m, mm<Dtzfr<Dmmzm^hL<iz±>#fc&mi-z^m%\^\,^xm'<z> 0 
[oi5o] a. mmmmm%<D/<x7-mmm%mmnm*m&ftM^i%i£Lx. y—v 
^ommm(Dm^mm^(DAt]Ltzmm^mmMntm^-r^^xh^ 0 zom&K&tfzs**? 

[0151] ^iJffl#^/^7- K«rtfcf£*B (±(fc#£©»g\ tftf^S52 0 9, Tfflm<0&kVMm 
3 0 8) d^A^-TSi, «SttfiJJfl#I Di^t5^!7- K©*&£^rtSB<z>^!J 

[0152] W:id*- K^rfflv^*^lJffl#BIlE^1l«»j**!la^co^^TlftM'^-6o h 

[0153] b. ±>?\,z.&ft (±im&- x^y^^MTtmm) 

[0 15 4] $f ±fiaHfc'J:U ! ty7'f yl©0J»^iS (T<fc«H») &5pJ/Br*#£tt#TO 

t>-f%b, «SttfiJffl#I D<b^1-^/N°^!7- KO|aS:-fejx'>3 >*afc-JHfcU S^lDiH 
^f— tr^-fe^ 1 0^^fi-6o f— tf*-fe^ l 0f»#{b£tifcfijffl#l Dt/^I7- KSrfll 

HflNSKiai^-Srjgi-. t^t(DW^7Lf:/^ll l 0 ttttH&fc&a^T Sri! 



[01553 w**MMm mmm 3omwMn*mx.t£^m&Ks TWtmk±fiL 

[0156] ^{C, ID^-KSrfflV^^fe^ov^TtftWi-So r^m^^7°n h=i/i/$r BI3 7 tc^ 
1% 8&8f*fiJffl## I KSr-fejx I D*- K^bfiJffl^ I D*5J:t^(|ffl#BBEfl(f*Sr 

<E^i-*o «fif— t^-^v^ l 0 JcfUffl#«IE««©afil[H!^Sr5*i-e, t-^ty^io 

[01573 **5, mmM&m mmm 3o&s&<mrnzm*.t£^m&Ks TimmtitiL 

ZMfti-Zo y—V'x±>? l Otf>fe<0^-*W:±&8&3I2 0^-fesyi/ 3 yit'tf t 

[01583 c. *7 7jymT<m^mz*7 7j>m<DmwM&m% mmm) om&omm 
[o 1 5 9j *7 7j>momwtt$mm (rmm) 3 onmm^mm^i D&zvstxv-}* 
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(57) A [summary] and [subject] The service offer system which holds the secret of 
communication by the maintenance and control through the external network to an electric 
device without the communications department and the scrambling section, and is made 
possible is real ized. 

[Solution means] The control I ed-system apparatus (low rank apparatus) which is objects, 
such as a maintenance and control, is used as high-order apparatus through information 
recording media, such as a memory stick, through a local network with the composition in 
which data transfer is possible. 

High-order, apparatus-has- a- means -of communication, -and transmits- the-data received from 

the service center to control I ed-system apparatus (low rank apparatus) through a local 
network or an information recording medium. 



In order that high-order apparatus may perform a service center and communications 
processing after enciphering data, the safety of communication data is guaranteed, and 
disclosure of important information, such as personal information which is needed in order 
to offer control information or control information, is prevented. 



[Claim] Control I ed-system apparatus of the [Claim 1] local network interface means or an 

information recording-medium interface means which has either at least, 

While having an interface means against an external network, and a scrambling means to 

perform scrambling of the transmission data which used this external network 

It has high-order apparatus which has the composition in which data transfer is possible 

to the above-mentioned control I ed-system apparatus through either the local network 

interface means of the above-mentioned control I ed-system apparatus, or an information 

recording-medium interface means. 

The above-mentioned high-order apparatus receives the control information over the above- 
mentioned control I ed-system apparatus from a service center through the above-mentioned 
external network. 

The service offer system through the means of communication characterized by having the 
composition which transmits this reception control information to the above-mentioned 
control I ed-system apparatus through a local network or an information recording medium. 
[Claim 2] The above-mentioned service center and the above-mentioned high-order apparatus 
are the service offer systems which have an attestation processing means and minded [ 
which is characterized by the data transmission and reception between the above-mentioned 
service center and the above-mentioned high-order apparatus being composition performed 
only when attestation by attestation processing is materialized ] the means of 
communication of a publication 1. 

[Claim 3] The above-mentioned high-order apparatus and the above-mentioned control I ed- 
system apparatus are the service offer systems which have an attestation processing means 
and minded [which is characterized by the data transmission and reception between the 
above-mentioned high-order apparatus and the above-mentioned control I ed-system apparatus 
being composition performed only when attestation by attestation processing is 
materialized 3 the means of communication of a publication 1. 

[Claim 4] The above-mentioned high-order apparatus and the above-mentioned control I ed- 
system apparatus are the service offer systems minded [ Claim / 1 / which is characterized 
by for the data transfer which has an attestation processing means and minded the above- 

ment j ooe.d _i.ntor mat ion -record i ng -medium -between the- above-^ment-i oned h i gh-order- apparatus 

and the above-mentioned control I ed-system apparatus to be the composition which performs 
only when attestation by attestation processing of the above-mentioned information 



recording medium by the above-mentioned high-order apparatus and the above-mentioned 
control I ed-system apparatus is materialized ] the means of communication of a publication. 
[Claim 5] The above-mentioned service center is the service offer system which minded [ 
which is characterized by to have the composition which performs apparatus justification 
verification processing ] the means of communication of a publication 1 by having the 
apparatus information data base which registered the apparatus identifier of the above- 
mentioned high-order apparatus and control I ed-system apparatus, and performing collation 
processing with the apparatus identifier registered into this apparatus information data 
base, and the apparatus identifier which receives from the above-mentioned high-order 
apparatus or control I ed-system apparatus. 

[Claim 6] The above-mentioned service center is the service offer system which minded in a 
means of communication given in Claim 1 characterized by to have the composition which 
performs user justification verification processing by having the user information data 
base which registered the user identifier of the above-mentioned high-order apparatus and 
control I ed-system apparatus, and performing collation processing with the user discernment 
data registered into this user information data base, and the user discernment data which 
receive from the above-mentioned high-order apparatus or control I ed-system apparatus. 
[Claim 7] The data transmitted and received between the above-mentioned service center and 
the above-mentioned high-order apparatus are the service offer systems which minded [ 
which is characterized by being the data with which encryption processing was made using 
the effective session key only in the communication session concerned ] the means of 
communication of a publication 1. 

[Claim 8] The data transmitted between the above-mentioned high-order apparatus and the 
above-mentioned control I ed-system apparatus are the service offer systems which minded [ 
which is characterized by being the data with which encryption processing was made using 
the effective session key only in the communication session concerned ] the means of 
communication of a publication 1. 

[Claim 9] The above-mentioned service center is the service offer system minded [ Claim / 
1 / which is carried out / that it is the composition of offering one service of apparatus 
diagnostic processing, apparatus restoration processing, data backup processing, data 
restoration processing, data distribution processing, help data offer processing, and 
operation information service processing, and / with the feature ] the means of 
communication of a publication to the above-mentioned control I ed-system apparatus. 
[CI aim 10] It is the service offer system which minded [ which performs attestation 
processing between the above-mentioned service center and the above-mentioned high-order 
apparatus with a public-key crypto system, and is characterized by the attestation 

processing, between the above-ment i oned- h igh-border- apparatus-and the above-ment ioned 

contro 1 1 ed-system apparatus being composition performed with the system of either a 
public-key crypto system or a common key encryption system ] the means of communication of 
a publ i cat ion 1. 



[Claim 11] It is the service offer system which minded [ which performs data communication 
between the above-mentioned service center and the above-mentioned high-order apparatus 
with a common key encryption system, and is characterized by the data communication 
between the above-mentioned high-order apparatus and the above-mentioned control I ed-system 
apparatus being composition performed with a common key encryption system ] the means of 
communication of a publication 1. 

[Claim 12] It is the service offer method of offering the control information over 
control I ed-system apparatus through a means of communication. 

The data transmitting step which transmits the control information for which scrambling 
was made from the service center to the high-order apparatus connected with this service 
center through a means of communication, 

The data transfer step which transmits the encryption control information which the above- 
mentioned high-order apparatus received to the above-mentioned control I ed-system apparatus 
through a local network interface or an information recording medium as decode control 
information decoded in the above-mentioned high-order apparatus as encryption control 
information, 

The service offer method characterized by ^^(ing). 

[Claim 13] It is the service offer method of having minded [ Claim / 12 / which is carried 
out / performing only when it has the attestation processing step which performs 
attestation processing between the above-mentioned service center and the above-mentioned 
high-order apparatus before the data transmitting step to the above-mentioned high-order 
apparatus from the above-mentioned service center and attestation / in / in the above- 
mentioned data transmitting step / the above-mentioned attestation processing step / is 
materialized, and / with the feature ] the means of communication of a publication. 
[Claim 14] It is the service offer method minded in the means of communication given in 
Claim 12 characterized by to perform only when it has the attestation processing step 
which performs attestation processing between the above-mentioned high-order apparatus and 
the above-mentioned control I ed-system apparatus before the data-transfer step to the 
above-mentioned control I ed-system apparatus from the above-mentioned high-order apparatus 
and attestation [ in / in the above-mentioned data-transfer step / the above-mentioned 
attestation processing step ] is materialized. 

[Claim 15] It is the service offer method of having minded [ Claim / 12 / carry out 
performing only when it has / / the attestation processing step which performs attestation 
processing of the above-mentioned information recording medium by the above-mentioned 
high-order apparatus and the above-mentioned control I ed-system apparatus when the data 
transfer between the above-mentioned high-order apparatus and the above-mentioned 

contro Ned-system apparatus 4s- per formed as data- transfer through- an- information- recording 

medium, and attestation / in / in the above-mentioned data-transfer step / the above- 
mentioned attestation processing step / is materialized with the feature ] the means of 
communication of a publication. 



[Claim 16] The above-mentioned service center is the service offer method which minded [ 
which is characterized by to perform the apparatus justification verification processing 
step by collation processing with the apparatus identifier which has the apparatus 
information data base which registered the apparatus identifier of the above-mentioned 
high-order apparatus and control I ed-system apparatus, and was registered into this 
apparatus information data base, and the apparatus identifier which receives from the 
above-mentioned high-order apparatus or control I ed-system apparatus ] the means of 
communication of a publication 12. 

[Claim 17] The above-mentioned service center is the service offer method which minded [ 
which is characterized by to perform the user justification verification processing step 
by collation processing with the user discernment data which have the user information 
data base which registered the user identifier of the above-mentioned high-order apparatus 
and control I ed-system apparatus, and were registered into this user information data base, 
and the user discernment data received from the above-mentioned high-order apparatus or 
control I ed-system apparatus ] the means of communication of a publication 12. 
[Claim 18] It is the service offer method which minded [ which is characterized by for 
either the above-mentioned service center or the above-mentioned high-order apparatus 
generating an effective session key only in the communication session concerned as a key 
which enciphers the data transmitted and received mutually, and performing the above- 
mentioned scrambling as encryption processing with the generated session key ] the means 
of communication of a publication 12. 

[Claim 19] It is the service offer method which minded [ which is characterized by for 
either the above-mentioned high-order apparatus or the above-mentioned control I ed-system 
apparatus generating an effective session key only in the communication session concerned 
as a key which enciphers the data transmitted and received mutually, and performing the 
above-mentioned scrambling as encryption processing with the generated session key ] the 
means of communication of a publication 12. 

[Claim 20] The above-mentioned service center is the service offer method of having minded 
[Claim / 12 / which is carried out / offering one service of apparatus diagnostic 
processing, apparatus restoration processing, data backup processing, data restoration 
processing, data distribution processing, help data offer processing, and operation 
information service processing, and / with the feature ] the means of communication of a 
publication, to the above-mentioned control I ed-system apparatus. 
[Claim 21] It is the service offer method which minded [which is characterized by 
performing attestation processing between the above-mentioned service center and the 
above-mentioned high-order apparatus with a public-key crypto system, and performing 

attestat i on, processing between the-above-mentioned -h i gh-order apparatus -and -the-above 

mentioned control I ed-system apparatus with the system of either a public-key crypto system 
or a common key encryption system ] the means of communication of a publication 12. 



[Claim 22] It is the service offer method which minded [ which performs data communication 
between the above-mentioned service center and the above-mentioned high-order apparatus 
with a common key encryption system, and is characterized by the data communication 
between the above-mentioned high-order apparatus and the above-mentioned control I ed-system 
apparatus being composition performed with a common key encryption system ] the means of 
communication of a publication 12. 

[Claim 23] The service agency equipment characterized by to have the composition which 
transmits the encryption control information about the control I ed-system apparatus of the 
interface means against an external network, a scrambling means perform scrambling, and a 
local network interface means or an information recording-medium interface means which has 
either at least and was received from the service center through the above-mentioned 
external network to control I ed-system apparatus through the above-mentioned local network 
interface means or an information recording-medium interface means. 

[CI aim 24] The above-mentioned scrambling means is service agency equipment given in Claim 
23 characterized by being the composition of having stored the processing algorithm which 
performs attestation processing with the above-mentioned service center, and attestation 
processing with the above-mentioned control I ed-system apparatus. 

[CI aim 25] — the above-mentioned scrambling means — a public-key crypto system and a 

common key encryption system — service agency equipment given in Claim 23 characterized 

by having the composition which can respond to any processing system. 

[Claim 26] It is the program offer medium which offers the computer program which makes 

service offer processing in which the control information over control I ed-system apparatus 

is offered through a means of communication perform on computer systems. 

The data receiving step which receives the control information for which scrambling to 

which the above-mentioned computer program is transmitted through a means of communication 

from a service center was made, 

The data transfer step which transmits the received encryption control information to the 
above-mentioned control I ed-system apparatus through a local network interface or an 
information recording medium as decode control information decoded in the above-mentioned 
high-order apparatus as encryption control information, 
The program offer medium it is supposed that is characterized by £^(ing). 

Detai led explanation 

[Detailed explanation of invention] [0001] [technical field to which invention belongs] 
book invention relates to the service offer system through a means of communication, the 

servJce- offer- method,- and- serv i ce-agency equ i pmentv 

Furthermore, various electric devices, such as various kinds of electric devices, for 
example, television, a videocassette recorder, an air-conditioner, a refrigerator, and a 
microwave oven, are received in detail. 



While performing various kinds of control or making it possible to be small and to 
consider each apparatus as the composition of a low cost in the composition which offers 
service of a maintenance etc. through the means of communication of a communication 
network etc. 

It is related with the service offer system through the means of communication which 
secured sufficient security and enabled transmission of the control information at the 
time of service offer, maintenance information, fee collection information, etc., the 
service offer method, and service agency equipment. 

[0002] Many electric devices are becoming controllable composition with a microcomputer 
etc. with development of a digital technology in recent years [ [conventional technical] 
]. 

Moreover, the digital network which covers a large area by communication networks, such as 
the Internet which ties two or more computers, has been built. 
By connecting an electric device to a communication network, the communication-of- 
information form which led the network prospers, such as controlling from a remote place, 
maintaining, or offering maintenance information for an electric device to an electric 
device user through a network. 

[0003] The service center which offers service of control, a maintenance, etc. to various 
electric devices is specifically installed, and composition which connects between a 
user's electronic machines with a service center by a telephone line, a cable TV circuit, 
the Internet, a radio circuit, satellite connection, etc., and offers various services is 
carried out. 

Moreover, the composition which performs fee collection processing to the service offered 
by registering various sett I ement-of-accounts information, such as user information and 
account information, in these service offer systems is also spreading. 
[0004] In the service offer composition through communication lines, such as [Object of 
the Invention], however such a network to an electric device, since data are transmitted 
between a service establishment and user machines and received as it is through means of 
communication, such as the Internet, in many cases, individual information may be revealed 
or it may be altered. 

For example, when information, such as a bank account of the user for the fee collection 
to courtesy rates and a credit card number, is treated unjustly, serious damage may be 
brought about and transmission and reception of data including the personal information in 
the model between which two or more users own the same circuit jointly like the Internet 
have a problem from a viewpoint of protection of information. 

[0005] Moreover, in the service offer system through the present means of communication, 

i-n-orde-r-^ to -reeei ve-serv-ice through a- network etc;-, -al hthe-apparatus- that-recei ves 

service needed to have the composition which makes direct connection via a service center, 
an external network, etc. 



That is, to equip a user's apparatus with the modem as a service means of communication, 
an interface, etc. is needed. 

However, it is not desirable from a cost side and a point of a miniaturization of 
apparatus to equip all apparatus with the module for communication, in order to receive 
such service. 

In the apparatus it becomes important especially miniaturizing, this problem becomes 
remarkable. 

Furthermore, for the same reason, it is not realistic to constitute an advanced security 
functional module to all apparatus, either, and it has become one of the factors in which 
these problems obstruct the spread of the service offer systems through a network. 
[0006] This invention aims at offering the data communication system and the data 
communication method which made it possible to abolish the necessity of making it 
unnecessary to equip with the module for communication all the above-mentioned problem, 
i.e., the electric devices which receive service, and constituting an advanced security 
functional module to apparatus. 

[0007] the 1st side of [means for solving subject] book invention 

The control I ed-system apparatus of a local network interface means or an information 

recording-medium interface means which has either at least, 

While having an interface means against an external network, and a scrambling means to 
perform scrambling of the transmission data which used this external network 
It has high-order apparatus which has the composition in which data transfer is possible 
to the above-mentioned control I ed-system apparatus through either the local network 
interface means of the above-mentioned control I ed-system apparatus, or an information 
recording-medium interface means. 

The above-mentioned high-order apparatus receives the control information over the above- 
mentioned control I ed-system apparatus from a service center through the above-mentioned 
external network. 

It is in the service offer system through the means of communication characterized by 
having the composition which transmits this reception control information to the above- 
mentioned control I ed-system apparatus through a local network or an information recording 
med i urn. 

[0008] Further, in one embodiment of the service offer system through the means of 
communication of this invention, the above-mentioned service center and the above- 
mentioned high-order apparatus have an attestation processing means, and the data 
transmission and reception between the above-mentioned service center and the above- 
mentioned high-order apparatus are characterized by being the composition performed only 
-when- attestation -by attestation- processing is materia-H-zed-. - - — - - ■-- 
[0009] Further, in one embodiment of the service offer system through the means of 
communication of this invention, the above-mentioned high-order apparatus and the above- 
mentioned control I ed-system apparatus have an attestation processing means, and the data 



transmission and reception between the above-mentioned high-order apparatus and the above- 
mentioned control I ed-system apparatus are characterized by being the composition performed 
only when attestation by attestation processing is materialized. 

[0010] In one embodiment of the service offer system through the means of communication of 
this invention, the above-mentioned high-order apparatus and the above-mentioned 
control I ed-system apparatus have an attestation processing means, and the data transfer 
through the above-mentioned information recording medium between the above-mentioned high- 
order apparatus and the above-mentioned control I ed-system apparatus carries out that it is, 
the composition of performing with the feature further, only when attestation by 
attestation processing of the above-mentioned information recording medium by the above- 
mentioned high-order apparatus and the above-mentioned control I ed-system apparatus is 
materialized. 

[0011] It carries out that the above-mentioned service center has further the composition 
which performs apparatus justification verification processing by having the apparatus 
information data base which registered the apparatus identifier of the above-mentioned 
high-order apparatus and control I ed-system apparatus, and performing collation processing 
with the apparatus identifier registered into this apparatus information data base, and 
the apparatus identifier which receives from the above-mentioned high-order apparatus or 
control I ed-system apparatus in one embodiment of the service offer system through the 
means of communication of this invention with the feature. 
[0012] In one embodiment of the service offer system which minded the means of 
communication of this invention further the above-mentioned service center 
The user discernment data which have the user information data base which registered the 
user identifier of the above-mentioned high-order apparatus and control I ed-system 
apparatus, and were registered into this user information data base, 

By performing collation processing with the user discernment data received from the above- 
mentioned high-order apparatus or control I ed-system apparatus, it is characterized by 
having the composition which performs user justification verification processing. 
[0013] In one embodiment of the service offer system through the means of communication of 
this invention, the data transmitted and received between the above-mentioned service 
center and the above-mentioned high-order apparatus are further characterized by being the 
data with which encryption processing was made using the effective session key only in the 
communication session concerned. 

[0014] In one embodiment of the service offer system through the means of communication of 
this invention, the data transmitted between the above-mentioned high-order apparatus and 
the above-mentioned control I ed-system apparatus are further characterized by being the 

data -w-i th- wh i ch -encrypti on- process ing -was- made -using the- effect i ve -session- key only in the 

communication session concerned. 

[0015] In one embodiment of the service offer system minded in the means of communication 
of this invention, it carries out that the above-mentioned service center is the 



composition of providing one service of apparatus diagnostic processing, apparatus 
restoration processing, data backup processing, data restoration processing, data 
distribution processing, help data offer processing, and operation information service 
processing to the above-mentioned control I ed-system apparatus with the feature further. 
[0016] Further, in one embodiment of the service offer system through the means of 
communication of this invention, attestation processing between the above-mentioned 
service center and the above-mentioned high-order apparatus is performed with a public-key 
crypto system, and it is characterized by the attestation processing between the above- 
mentioned high-order apparatus and the above-mentioned control I ed-system apparatus being 
composition performed with the system of either a public-key crypto system or a common key 
encryption system. 

[0017] Further, in one embodiment of the service offer system through the means of 
communication of this invention, data communication between the above-mentioned service 
center and the above-mentioned high-order apparatus is performed with a common key 
encryption system, and data communication between the above-mentioned high-order apparatus 
and the above-mentioned control I ed-system apparatus is characterized by being the 
composition performed with a common key encryption system. 
[0018] Further the 2nd side of this invention 

It is the service offer method of offering the control information over control I ed-system 
apparatus through a means of communication. 

The data transmitting step which transmits the control information for which scrambling 
was made from the service center to the high-order apparatus connected with this service 
center through a means of communication, 

The data transfer step which transmits the encryption control information which the above- 
mentioned high-order apparatus received to the above-mentioned control I ed-system apparatus 
through a local network interface or an information recording medium as decode control 
information decoded in the above-mentioned high-order apparatus as encryption control 
information, 

It is in the service offer method characterized by £r^f(ing). 
[0019] It has the attestation processing step which performs attestation processing 
between the above-mentioned service center and the above-mentioned high-order apparatus 
before the data transmitting step to the above-mentioned high-order apparatus from the 
above-mentioned service center in one embodiment of the service offer method through the 
means of communication of this invention, and it carries out that the above-mentioned data 
transmitting step performs only when materialized in the attestation in the above- 
mentioned attestation processing step with the feature further. 

[0020]_l.n_one -embodi ment -of-- the-ser v-i ce- offer method-through-the-means- of- commun i cati on of — - - 

this invention, it has further the attestation processing step which performs attestation 
processing between the above-mentioned high-order apparatus and the above-mentioned 
control I ed-system apparatus before the data transfer step to the above-mentioned 



control I ed-system apparatus from the above-ment i oned high-order apparatus, and it carries 
out that the above-mentioned data-transfer step performs only when materialized in the 
attestation in the above-mentioned attestation processing step with the feature. 
[0021] In one embodiment of the service offer method which minded the means of 
communication of this invention further 

[ when data transfer between the above-mentioned high-order apparatus and the above- 
mentioned control I ed-system apparatus is performed as data transfer through an information 
recording medium ] 

It has the attestation processing step which performs attestation processing of the above- 
mentioned information recording medium by the above-mentioned high-order apparatus and the 
above-mentioned control I ed-system apparatus, and the above-mentioned data transfer step is 
characterized by performing, only when the attestation in the above-mentioned attestation 
processing step is materialized. 

[0022] It is characterized by for the above-mentioned service center to perform further 
the apparatus justification verification processing step by collation processing with the 
apparatus identifier which has the apparatus information data base which registered the 
apparatus identifier of the above-mentioned high-order apparatus and control I ed-system 
apparatus, and was registered into this apparatus information data base, and the apparatus 
identifier which receives from the above-mentioned high-order apparatus or control I ed- 
system apparatus in one embodiment of the service offer method through the means of 
communication of this invention. 

[0023] The above-mentioned service center has the user information data base which 
registered the user identifier of the above-mentioned high-order apparatus and control led- 
system apparatus, and is further characterized by to perform the user justification 
verification processing step by collation processing with the user discernment data 
registered into this user information data base, and the user discernment data received 
from the above-mentioned high-order apparatus or control I ed-system apparatus in one 
embodiment of the service offer method through the means of communication of this 
invention. 

[0024] In one embodiment of the service offer method through the means of communication of 
this invention, either the above-mentioned service center or the above-mentioned high- 
order apparatus generates an effective session key only in the communication session 
concerned further as a key which enciphers the data transmitted and received mutually, and 
it is characterized by performing the above-mentioned scrambling as encryption processing 
with the generated session key. 

[0025] In one embodiment of the service offer method through the means of communication of 

±his. invention,, -either the- above-ment i-oned -high-order -apparatus or the~above=ment iohed ~ 

control I ed-system apparatus generates an effective session key only in the communication 
session concerned further as a key which enciphers the data transmitted and received 



mutually, and it is characterized by performing the above-mentioned scrambling as 
encryption processing with the generated session key. 

[0026] In one embodiment of the service offer method minded in the means of communication 
of this invention, it carries out that the above-mentioned service center provides one 
service of apparatus diagnostic processing, apparatus restoration processing, data backup 
processing, data restoration processing, data distribution processing, help data offer 
processing, and operation information service processing to the above-mentioned 
control I ed-system apparatus with the feature further. 

[0027] Further, in one embodiment of the service offer method through the means of 
communication of this invention, attestation processing between the above-mentioned 
service center and the above-mentioned high-order apparatus is performed with a public-key 
crypto system, and it is characterized by the attestation processing between the above- 
mentioned high-order apparatus and the above-mentioned control I ed-system apparatus being 
composition performed with the system of either a public-key crypto system or a common key 
encryption system. 

[0028] Further, in one embodiment of the service offer method through the means of 
communication of this invention, data communication between the above-mentioned service 
center and the above-mentioned high-order apparatus is performed with a common key 
encryption system, and data communication between the above-mentioned high-order apparatus 
and the above-mentioned control I ed-system apparatus is characterized by being the 
composition performed with a common key encryption system. 

[0029] The 3rd side of this invention is further to the service agency equipment 
characterized by to have the composition which transmits the encryption control 
information about the control I ed-system apparatus of the interface means against an 
external network, a scrambling means perform scrambling, and a local network interface 
means or an information recording-medium interface means which has either at least and 
received from the service center through the above-mentioned external network to 
control I ed-system apparatus through the above-mentioned local network interface means or 
an information recording-medium interface means. 

[0030] In one embodiment of the service agency equipment of this invention, it is further 
characterized by the above-mentioned scrambling means being the composition of having 
stored the processing algorithm which performs attestation processing with the above- 
mentioned service center, and attestation processing with the above-mentioned control I ed- 
system apparatus. 

[0031] — further — one embodiment of the service agency equipment of this invention — 
setting — the above-mentioned scrambling means — a public-key crypto system and a common 

. key encr-ypt-ion- system— it- 4s character i zed by having the~ compos itton' whfch can" respond " 

to any processing system. 

[0032] Further the 4th side of this invention 



It is the program offer medium which offers the computer program which makes service offer 
processing in which the control information over control I ed-system apparatus is offered 
through a means of communication perform on computer systems. 

The data receiving step which receives the control information for which scrambling to 
which the above-mentioned computer program is transmitted through a means of communication 
from a service center was made, 

The data transfer step which transmits the received encryption control information to the 
above-mentioned control I ed-system apparatus through a local network interface or an 
information recording medium as decode control information decoded in the above-mentioned 
high-order apparatus as encryption control information, 

It is in the program offer medium it is supposed that is characterized by £r^(ing). 
[0033] the program offer medium concerning the 4th side of this invention — for example, 
it is the medium which offers a computer program in form [ be / computer / it / readable ] 
to the general purpose computer system which can perform various program codes. 
As for a medium, the forms in particular, such as transmission medias, such as storage 
media, such as CD, and FD, MO, or a network, are not limited. 

[0034] Such a program offer medium defines the collaboration-relation on the structure of 
the computer program and offer medium for realizing the function of a predetermined 
computer program, or a function on computer system 
s. 

If it puts in another way, by installing a computer program in computer systems through 
this offer medium, on computer systems, a collaboration-action is demonstrated and the 
same action effect as other sides of this invention can be acquired. [0035] Since the 
apparatus and the service center of [action] book invention are enciphering transmitting 
data while they perform attestation processing mutually and perform a check of a 
communication partner, the safe data transmission and reception of them are attained. 
Furthermore, it cannot have a means of communication for an external network, but the 
apparatus which does not make direct connection can also perform communication with a 
service center to a service center safely through an external network and the high-order 
apparatus which makes direct connection. 

[0036] The purpose, the feature, and advantage of further others of this invention will 
become clear [ rather than ] by detailed explanation based on the case of the operation 
and the drawing to attach of this invention mentioned later. 

[0037] [Form of implementation of invention] [system outline] figure 1 is the service 
offer system through the means of communication of this invention, the service offer 
method, and a block diagram explaining the outline of service agency equipment. 
_ TM system. of th i s i nvent ion- goes v ia the h i gh-order apparatus 20 as serv i ce "agency 
equipment which performs data transmission and reception with the service center 10 and 
service center 10 which offer the service to a user machine, and high-order apparatus 20. 



The telephone line which ties the control I ed-system apparatus (low rank apparatus) 30 
which receives the control from a service center 10 etc., and a service center 10 and 
high-order apparatus 20, 

Between external network means of communication, such as a CATV circuit, a satellite, 
radio, and the Internet, high-order apparatus 20, and control I ed-system apparatus (low 
rank apparatus) 30 is connected, for example, it consists of a local network which can 
communicate with communication interfaces, such as IEEE1394 and USB. 
In addition, it is also possible to become control I ed-system apparatus by which high-order 
apparatus 20 the very thing receives the control from a service center 10, a maintenance, 
etc., and the high-order apparatus 20 shown in Fig. 1 bottom shows this mode. 
[0038] Explain each component shown in Fig. 1. 

As for the apparatus of the users of this invention, high-order apparatus 20 and 
control I ed-system apparatus (low rank apparatus) 30 are roughly divided into two kinds. 
Hereafter, the composition of each apparatus and a service center is explained. 
[0039] The high-order apparatus 20 as <high-order apparatus> service agency equipment is 
apparatus which has the means of communication in which the data transmission and 
reception through the modem in which communication through a service center 10 and a 
telephone line is possible or a CATV circuit, a satellite, other radio circuits, etc. are 
possible. 

Moreover, as shown in the upper part of Fig. 1, it has a means for transmitting the data 
from a service center 10, or transmitting the transmitting data from control I ed-system 
apparatus (low rank apparatus) 30 to a service center 10 to control I ed-system apparatus 
(low rank apparatus) 30. 

[0040] The composition of high-order apparatus 20 is shown in Fig. 2. 

High-order apparatus 20 is equipped with the local interface 208 as the interface 

sections, such as IEEE1394 (connection standard by U.S. Institute of Electrical and 

Electronic Engineers), and USB (Universal Serial Bus), used since the local network for 

connection with the control I ed-system apparatus 30 which receives service is constituted, 

and data communication with other apparatus is possible for it. 

The communication with high-order apparatus 20 and a service center 10 has the 

composition, then the external interface 206 which was good and followed each [ these ] 

correspondence procedure performed by a telephone line, the cable TV circuit, a radio 

circuit, satellite connection, an Internet connectivity, etc. 

[0041] High-order apparatus 20 is equipped with the encryption communication I C 205 as IC 
of the exclusive use which performs control of encryption and attestation, or 
communication. 

_ .-.Operation- required -in-order -to -use a- public-key-crypto system and a- common key encryption 

system is possible for this encryption communication IC 205. 



Moreover, IC is equipped with a memory means to store an identifier (apparatus ID) 
peculiar to high-order apparatus 20, and this ID is used in the case of attestation of 
apparatus. 

As for encryption / attestation communication IC 205, it is desirable to be constituted as 
SAM (Secure Application Module) so that rewriting of ID etc. cannot be performed from the 
exterior. 

[0042] A service center 10 publishes the apparatus ID stored in the encryption 
communication IC 205, and published ID is registered into the data base of a service 
center. 

In addition, in order to raise security, it is good also as composition which performs 
verification which used the verification bit of Apparatus ID at the time of the service 
implementation by a service center 10 by considering it as the data composition which gave 
redundancy, such as adding for example, a verification bit, to Apparatus ID. 
By considering it as such composition, it becomes possible to eliminate for service 
apparatus with inaccurate ID other than regular ID which the service center 10 published. 
[0043] The public key certificate corresponding to the group of the public key and secret 
key of high-order apparatus 20 self which are needed when using a public-key crypto 
system, and its public key is beforehand recorded on the memory section of the encryption 
communication IC 205 of apparatus. 

The certificate issue organization which can trust it, and the so-called certificate 
authority (CA: Certificate Authority) publish a public key certificate. 
[0044] Take the data transfer composition which transmits required information, namely, 
took security into consideration after checking that a data sending end and the data 
reception side were the regular candidates for data transceiver mutually in the service 
offer system through the means of communication of this invention. 

One technique of realizing security composition in the case of data transfer is encryption 
processing of transmission data. 

[0045] Encryption data can be returned to the decode data which can be used by decryption 
processing in a predetermined procedure. 

There are the so-called various common key encryptosystem-ized systems using a key common 
to encryption and decryption as a typical example although seeds are, and a public-key 
crypto system using a key which is different in encryption and decryption in the mode of 
the data encryption and the decryption method using an encryption key and a decryption 
key. 

A public-key crypto system is taken as the secret key which keeps one key as what is 
different in the key of an addresser and a receiving person, and keeps another side secret 

as a jubJ.Lc.Aey_.which_an-unspec-if-ied user can-use^ - - — - 

For example, use a data encryption key as a public key, and let a decode key be a secret 
key. 



[0046] Since one specific person should just have the secret key which has the necessity 
of keeping it secret in a public-key crypto system unlike the so-called common key 
encryption system using a key common to encryption and decryption, it is advantageous in 
management of a key. 

However, many public-key crypto systems for an object with few [ as compared with a common 

key encryptosystem-ized system, a processing data rate is slow, and ] amounts of data, 

such as delivery of a secret key and a digital signature, are used. 

A RSA (Ri vest-Shamir-Ad I eman) code is one of the typical things of a public-key crypto 

system. 

This uses the product of two very big prime numbers (for example, 150 figures), and uses 
the difficulty of the processing of the product of two big prime numbers (for example, 150 
figures) which carries out factorization into prime factors. 

[0047] In the public-key crypto system, many methods of using the certificate proving 
whether the public key which is the composition whose use is enabled and distributes a 
public key to many and unspecified persons is just, and the so-called public key 
certificate are used. 

For example, User A generates the pair of a public key and a secret key, sends the 
generated public key to a certificate authority, and a public key certificate comes to 
hand from a certificate authority. 
Generally User A exhibits a public key certificate. 

An unspecified user receives a public key through a predetermined procedure from a public 
key certificate, enciphers a document etc., and sends to User A. 
User A is the system of decoding an encryption document etc. using a secret key. 
[0048] A public key certificate is a certificate which the certificate authority 
(CA: Cert if icate Authority) in a public-key crypto system publishes, and when a user 
submits self ID, a public key, etc. to a certificate authority, it is a certificate which 
the certificate authority side adds information, such as ID of a certificate authority, 
and the term of validity, adds the signature by a certificate authority further, and is 
drawn up. 

[0049] A public key certificate includes public key and electronic signature of the 
algorithm used for the version number of a certificate, the consecutive numbers of the 
certificate which a certificate authority (I A) assigns to a certificate user, and 
electronic signature and a parameter, the name of a certificate authority, the term of 
validity of a certificate, a certificate user's name (user ID), and a certificate user. 
[0050] Electronic signature is the data which generated the hash value with the 
application of the Hash Function to the whole public key data of the name of the algorithm 

used for the .version number-of-axerti-f icate, the consecuti ve- numbers -of -the cert if icate 

which a certificate authority assigns to a certificate user, and electronic signature and 
a parameter, the name of a certificate authority, the term of validity of a certificate, 



and a certificate user, and a certificate user, and were generated using the secret key of 
a certificate authority to the hash value. 

[0051] a certificate authority updates the public key certificate with which the term of 
validity went out, and processes creation of the inaccurate person list of [ for excluding 
the user who performed injustice ], management, distribution (this — V^^r^ i/s"y\ — 
referred to as Revocation), etc. while it publishes a public key certificate. 
[0052] On the other hand, in case this public key certificate is used, using the public 
key of the certificate authority which self holds, a user verifies the electronic 
signature of the public key certificate concerned, after he succeeds in verification of 
electronic signature, he picks out a public key from a public key certificate, and uses 
the public key concerned. 

Therefore, all the users using a public key certificate need to hold the public key of a 
common certificate authority. 

The public key of a certificate authority is stored in the internal memory of the 
encryption communication IC 205 by the high-order apparatus 20 shown in Fig. 2 of this 
invention. 

[0053] In addition, in case the public key of high-order apparatus and a secret key 
perform apparatus registration to a service center 10, its high-order apparatus is newly 
good also as generation or composition which a service center generates, receives this and 
is stored in high-order apparatus, and in this case, if the public key certificate is 
required, they will be separately acquired from a certificate authority. 
[0054] Moreover, high-order apparatus 20 can store the group of two or more keys, and can 
change the group of a key for every service center which apparatus connects, and every 
service. 

Local connection of the control I ed-system apparatus 30 as various low rank apparatus is 
possible, for example, if control I ed-system apparatus 30 is A maker's television, the 
composition of using the key for service center connection of B maker using the key for 
service center connection of A maker, if control I ed-system apparatus 30 is B maker's air- 
conditioner is attained at high-order apparatus 20. 

Further high-order apparatus 20 [0055] Processing control of the encryption communication 
IC 205, 

CPU201 for controlling various processings through each interface, such as communication 
control and data access control of storage 210, the temporary storage of communication 
data, 

The control unit 209 which enables directions of the communication start by the display 
section 203 and the user who display the directions data to the memory 202 constituted by 
_RAM which functions as- the- storing -sect Hon of- a process ing -program; ROM; -etc ~ and the 
user who operates apparatus etc., a hard disk, CD, 
It has the storage 210 constituted with DVD etc. 



[0056] High-order apparatus 20 has further the apparatus peculiar section 204 which offers 
the function of apparatus original. 

If the apparatus peculiar section 204 is a processing circuit, a strange recovery circuit 
or a magnetic drum, the tape drive section, etc. of receiving data if apparatus is a 
videocassette recorder, for example, it is a microwave oven etc., it includes the 
processing function of a microwave oven. 

Furthermore, you may constitute high-order apparatus 20 so that data may be recorded on a 

memory stick and an information recording medium 211 like FD, CD, and DVD. 

In that case, it has the interface 207 with the information recording medium 211. 

[0057] <Control led-system apparatus (low rank apparatus)) control I ed-system apparatus (low 

rank apparatus) 30 is apparatus without a direct connection means with an external 

network, and is apparatus which is connected to high-order apparatus 20 through a local 

network, and receives various services, such as control from a service center 10, and a 

maintenance. 

[0058] Two examples of composition of control led-system apparatus (low rank apparatus) 30 
are shown in Fig. 3 and Fig. 4. 

Contro 1 1 ed-system apparatus (low rank apparatus) 30 is the composition of having the local 
network interface 307 for connecting with high-order apparatus, and is connected with 
high-order apparatus 20 through this local network interface 307, and Fig. 3 receives 
control of the service center 10 received through high-order apparatus 20. 
This mode is called online type low rank apparatus. 

[0059] On the other hand, the control led-system apparatus (low rank apparatus) 30 shown in 
Fig. 4 is composition without the local network interface for connecting with high-order 
apparatus, and receives control based on the control information and maintenance 
information which were stored in the information recording media 310, such as a memory 
card, and CD, FD. 

The control information received from the service center 10 is stored in the information 
recording medium 211 of the high-order apparatus of the above-mentioned figure 2, and it 
makes it possible to perform control from a service center 10 as off-line control by 
attaching this in control led-system apparatus (low rank apparatus) 30. 
[0060] Explain the composition of control led-system apparatus (low rank apparatus) 30. 
In the online type case of Fig. 3, since the control led-system apparatus (low rank 
apparatus) 30 which receives service constitutes the local network for connection with 
high-order apparatus 20, it is equipped with the local interface 307 as the interface 
sections, such as IEEE1394 and USB (Universal Serial Bus), and data communication with 
high-order apparatus 20 is possible for it. 

_[006J ]_Contro LLedrs.ystem -apparatus- (low- rank appar-atus)-30 -is -equ i pped-w ith-the -encr ypt i on — — 
communication I C 305 as IC of the exclusive use which performs control of encryption and 
attestation, or communication. 



Operation required in order to use a public-key crypto system and a common key encryption 
system is possible for this encryption communication IC 305. 

Moreover, operation required in order to use a public-key crypto system and a common key 
encryption system is possible for the encryption communication IC 305. 
However, since high operation capability is required in order to use a public-key crypto 
system, it is good also as composition which enables use only of a common key encryption 
system in the apparatus which has restrictions in resources. 

[0062] The public key certificate corresponding to the group of the public key and secret 
key which are needed when using a public-key crypto system, and its public key is 
beforehand recorded on the internal memory of the encryption communication IC 305 of 
control I ed-system apparatus (low rank apparatus) 30. 

The certificate issue organization which can trust it, and the so-called certificate 
authority (CA:Certif icate Authority) publish a public key certificate like the case of the 
high-order apparatus 20 mentioned above. 

In addition, in case the public key of control I ed-system apparatus (low rank apparatus) 30 
and a secret key perform apparatus registration to a service center 10, they are newly 
good also as generation or composition which a service center generates, receives this and 
is stored in apparatus, and in this case, if the public key certificate is required, they 
will be separately acquired from a certificate authority. 

Moreover, control I ed-system apparatus (low rank apparatus) 30 is good also as composition 
whose storing of the group of two or more keys was enabled, and good also as composition 
which made it possible to change the group of a key for every service center which 
apparatus connects, and every service. 

In addition, the public key of a service center 10 is beforehand recorded on the internal 
memory of the encryption communication IC 305 of apparatus. 

In addition, in considering it as the composition only using a common key encryption 
system, a common key is published by the service center 10 and it stores it in the 
internal memory of the encryption communication IC 305 of control I ed-system apparatus (low 
rank apparatus) 30. 

In addition, corresponding to the identifier (ID) of control I ed-system apparatus (low rank 
apparatus) 30, a service center may hold a common key. 
[0063] Control I ed-system apparatus (low rank apparatus) 30 

Furthermore, processing control of the encryption communication IC 305, communication 
control through each interface, 

CPU301 for controlling various processings, such as data access control of storage 309, 
the temporary storage of communication data, 

The contro l un i t 308- whi ch- enab l es -d i rect ions- of -the-communicati on - start by the - display 

section 303 and the user who display the directions data to the memory 302 constituted by 
RAM which functions as the storing section of a processing program, ROM, etc., and the 
user who operates apparatus etc., a hard disk, CD, 



It has the storage 309 constituted with DVD etc. 

[0064] Control I ed-system apparatus (low rank apparatus) 30 has further the apparatus 
peculiar section 304 which offers the function of apparatus original. 
Furthermore, you may constitute control I ed-system apparatus (low rank apparatus) 30 so 
that data may be recorded on a memory stick and an information recording medium 310 like 
FD, CD, and DVD. 

In that case, it has the interface 306 with the information recording medium 310. 

In the off-line type case of Fig. 4, the control information from a service center 10 is 

received through this information recording medium 310. 

With the online type composition of Fig. 3, any method becomes possible through the 
information recording medium 310 through a local network. 

[0065] That is, in the online type of Fig. 3, in case control I ed-system apparatus (low 
rank apparatus) 30 receives service, connect with high-order apparatus 20 using the local 
network interface 307, and connect it with a service center 10 using the connection 
capability of the external interface 206 of high-order apparatus 20. 
At this time, control I ed-system apparatus (low rank apparatus) 30 performs communication 
control uniquely. 

Moreover, high-order apparatus 20 connects with a center as a substitute of control I ed- 
system apparatus (low rank apparatus) 30, data are transmitted and received, in the off- 
line type of Fig. 4, control I ed-system apparatus (low rank apparatus) 30 records the data 
on an information recording medium by high-order apparatus 20, and moves the information 
recording medium to control I ed-system apparatus (low rank apparatus) 30, and control I ed- 
system apparatus (low rank apparatus) 30 reads data from the information recording medium. 
[0066] Although the online type of Fig. 3 mentioned above and the off-line type 
control I ed-system apparatus (low rank apparatus) 30 of Fig. 4 have the encryption 
communication IC 305 and explained it as possible composition of encryption processing in 
addition 

It is good also as composition equipped only with IC which does not encipher in low rank 
apparatus but controls communication, and the high-order apparatus which made off-line 
connection through online connection or a storage medium through the communication line in 
this case is able to execute encryption processing of the contents of communication by 
proxy. 

Attestation by an apparatus identifier (ID) is performed for attestation with the 

control I ed-system apparatus 30 in this case (low rank apparatus), and high-order apparatus 

20. 

[0067] The example of composition of the <service center> service center 10 is shown in 

_Fig._ 5l - — - 

A service center 10 consists of the external network interface 105 and the encryption 
communication IC 104, the data base 103 for service offer, the apparatus information data 



base 106, the user information data base 107, CPU101, memory 102, and a data bus that 
connects these further. 

[0068] The encryption communication IC 104 processes communication with high-order 
apparatus 20 and encryption of data, attestation of the apparatus for service offer, etc. 
The center identifier (ID) peculiar to a service center is recorded on this encryption 
communication IC 104, and this is used in the case of mutual recognition with each 
apparatus which serves as a communication partner. 

[0069] Operation required in order to use a public-key crypto system and a common key 
encryption system is possible for the encryption communication IC 104 of a service center 
10. 

As for tz~£ for communication, the information on the identifier (ID) of each [ for 
service ] apparatus, a public key, etc. is stored in the apparatus information data base 
106. 

In the case of the apparatus which uses a common key encryption system in data 
communication, Apparatus ID and the common key corresponding to it are beforehand stored 
in this apparatus information data base 106. 

[0070] The apparatus which receives offer of the service from a service center 10 is 
managed in the user information data base 107, and the identifier (ID) of the user who 
performs payment processing of the counter value of service etc., i.e., a service user, 
each user's sett I ement-of-accounts information, etc. are stored in it. 
Data required in order to offer service are stored in the data base 103 for service offer. 
CPU101 controls various processings, such as processing control of the encryption 
communication IC 104, communication control through each interface, and data access 
control of each storage, and memory 102 is constituted by RAM, ROM, etc. which function as 
the temporary storage of communication data, and the storing section of a processing 
program. 

[0071] As a public-key crypto system used in the service offer system through the means of 
communication of [encryption / attestation level] book invention, it is possible to use 
code systems, such as DES, as a common key encryption system, and RSA etc. may take 
required intensity etc. into consideration and may use a suitable system. 
[0072] Fig. 6 summarizes the connection form between the service center 10 in this 
invention, and high-order apparatus 20 and control I ed-system apparatus (low rank 
apparatus) 30, and encryption / attestation level. 

[0073] A service center 10 and high-order apparatus 20 are connected in the external 
network. 

Moreover, encryption and attestation use a public-key crypto system. 

There are si x k inds of- forms of - connect ion - between _ hrgh-order apparatus 20 "and "control led- 

system apparatus (low rank apparatus) 30. 

Namely, when (1) control I ed-system apparatus (low rank apparatus) 30 can connect with a 
local network and a public-key crypto system can be used, 



(2) When control I ed-system apparatus (low rank apparatus) 30 can connect with a local 
network and only a common key encryption system can be used, 

(3) When control I ed-system apparatus (low rank apparatus) 30 can connect with a local 
network and a code cannot be used, 

(4) When data exchange is possible for control I ed-system apparatus (low rank apparatus) 30 
and it can use a public-key crypto system by movement of a recording medium, 

(5) When data exchange is possible for control I ed-system apparatus (low rank apparatus) 30 
and it can use only a common key encryption system by movement of a recording -medium, it 
is the case where data exchange is possible for (6) control I ed-system apparatus (low rank 
apparatus) 30, and it cannot use a code by movement of a recording medium. 

In addition, two or more low rank apparatus can be connected to one high-order apparatus, 
and communication with control I ed-system apparatus (low rank apparatus) various type of 
high-order apparatus 20 is attained by considering it as the composition which can respond 
to two or more code systems. 

In addition, high-order apparatus can identify a subordinate's low rank apparatus by 
referring to the apparatus ID of control I ed-system apparatus (low rank apparatus). 
[0074] Offer processing of the remote service using the service center 10 of the high- 
order apparatus 20 in the service offer system through the means of communication of 
[whole flow] book invention and control I ed-system apparatus (low rank apparatus) 30 is 
explained below. 

[0075] The figure from Fig. 7 to Fig. 10 is a flow figure having shown briefly the flow of 

processing until [whole ] it results [ from a service start ] in an end. 

The latter part explains the details of the processing included in these flows. 

First, the outline of the flow of processing of the service offer system of this invention 

is explained using Figs. 7-10. 

[0076] As first shown in the flow of Fig. 7, in connecting high-order apparatus 20 for the 
first time to a service center 10 through a network, it performs apparatus registration to 
the service center 10 shown in Step S701. 

When the processing at the time of first connection is completed, it moves to cases, such 
as the processing which does not need apparatus registration, for example, free 
maintenance offer etc., at the step of apparatus attestation shown in Step S702. 
An apparatus attestation processing flow is shown in Fig. 7. 

This is a procedure to which high-order apparatus 20 and a service center 10 check a 
communication partner's justification mutually. 

The latter part explains in detail the apparatus registration protocol and apparatus 
Challenge Handshake Authentication Protocol which are shown in a figure. 

[00771 -By- performing- Challenge* Handshake Aut-hent-ieat-i on Protocol shown- in Fig. ■?,— 

inaccurate apparatus can receive service or it can prevent communicating with a service 
center 10 accidental ly. 



When apparatus attestation of Step S702 goes wrong, processing is stopped after performing 
error hand I ing. 

When it succeeds in apparatus attestation, user registration will be performed if 
required. 

[0078] Register required information, such as the user information on apparatus, for 
example, a name, a credit card number for courtesy-rates settlement of accounts, or a bank 
account number, into the user information data base (107 shown in Fig. 5) of a service 
center 10 in the user registration procedure shown in Fig. 8 (Step S801). 
Information registration (Step S802) required for user authentication, such as a password, 
after that is also performed. 

[0079] Fig. 9 is processing the upper row indicates user information change procedure, 
such as user information, for example, a name, and a credit number, to be, and the lower 
berth is the flow which shows the change procedure of information required for user 
authentication, such as a password. 

In user information change procedure, user authentication (Step S901) is performed first. 
This is for preventing persons other than a just user changing others' user information 
unjustly. 

When user authentication goes wrong, processing is stopped after performing error 
hand I i ng. 

When it succeeds in user authentication, user information registration (Step S902) is 
performed continuously. 

[0080] If registration of user information is completed, it will restrict, when required 
and information required for user authentication, for example, the user authentication 
information change procedure of a password, will be performed. 

In user authentication information change procedure, user authentication is performed 
first. 

This is for preventing persons other than a just user changing user authentication 
information, such as others' password, unjustly. 

When user authentication goes wrong, processing is stopped after performing error 
hand I i ng. 

When it succeeds in user authentication, user authentication information is changed 
continuously (Step S903). 

The above procedure is completed, and in giving one's service, it performs service 
implementation procedure. 

[0081] Execution processing of services, such as control of control I ed-system apparatus 
and a maintenance, i.e., a service implementation procedure flow, is shown in Fig. 10. 

I n .service -imp l ementat i on procedure, i f- requ i red; -user -aut-hent i cat i on~w H I -be -performed — 

first. 

This is for preventing persons other than a just user receiving service unjustly. 
Whether user authentication is performed changes with services. 



When user authentication goes wrong, processing is stopped after performing error 
hand I ing. 

When it succeeds in user authentication, its service is given continuously. 

After service is completed, when not ending connection, procedure after the time of an 

apparatus attestation end is performed again. 

[0082] The protocol which registers [each protocol] (1) apparatus registration protocol a. 
high-order apparatus t.T and high-order apparatus 20 to a service center 10 is explained. 
This protocol is a protocol for registering Apparatus ID, a model name, and an apparatus 
public key into the apparatus information data base of a center. 

[0083] As previous Fig. 6 explained, between high-order apparatus 20 and a service center 
10, mutual recognition and data communication are performed by a public-key crypto system. 
When the group of the public key and secret key of high-order apparatus itself [which is 
needed when using a public-key crypto system ] is beforehand stored in the internal memory 
of the encryption communication IC 205 of high-order apparatus 20, when it did not store 
these keys in the internal memory of the encryption communication IC 205 beforehand but 
connection with a service center 10 is needed, apparatus registration is performed to a 
service center 10, and there is two composition of composition of generating each key in 
that case. 

The protocol of the case former [ whose ] has been key stored is shown in Fig. 11, and the 
protocol in the case of generating a key is shown in Fig. 12. 
[0084] Explain processing of Fig. 11 and Fig. 12. 

When performing apparatus registration, high-order apparatus 20 transmits an apparatus 
registration start demand to a service center 10. 

If a service center 10 is in the state which can meet the demand, it will notify to 

apparatus that an apparatus registration start is possible. 

A service center 10 transmits an own center identifier (ID) simultaneously. 

[0085] High-order apparatus 20 checks a center by the service center identifier (ID) sent 

from a service center 10, and transmits a high-order apparatus identifier (ID), an own 

model name, and an own public key certificate to a service center 10. 

The public key of a service center 10 is stored in the encryption communication IC 205 of 

high-order apparatus 20, and transmitting data are enciphered using this public key in the 

case of transmission to a service center 10. 

[0086] In addition, like the example shown in Fig. 12, when high-order apparatus 20 self 
generates the group of a key, the public key which high-order apparatus 20 generated 
instead of the public key certificate is transmitted to a center. 

[0087] Since it is enciphered with the public key of a service center 10, the transmitting 

data_f rom_h Lgb=or_der_ apparatus - 20 to a -service- center- -10 ean-e I i m i nate -a-possfbii i ty "that 

data contained in transmitting data, such as a high-order apparatus identifier (ID) and a 
model name, will be revealed to a third person, or will be altered. 



[0088] The center which received data, such as a high-order apparatus identifier (ID), 
decodes the data sent from high-order apparatus with the secret key of service center 10 
self. 

The high-order apparatus identifier in the decoded data (ID) is verified, and if it is a 
just identifier (ID), the high-order apparatus identifier (ID), the model name and public 
key certificate, or public key in transmitting data will be registered into the apparatus 
information data base 106. 

When the registration to a data base is completed normally, a service center 10 returns 
the notice of the completion of apparatus registration processing to high-order apparatus 
20. 

When decode of data or justification verification of a high-order apparatus identifier 
(ID), and the registration to a data base go wrong, a service center 10 returns the notice 
of an error to high-order apparatus 20. 

[0089] Explain the protocol which registers b. control I ed-system apparatus (low rank 
apparatus), next control I ed-system apparatus (low rank apparatus) 30 to a service center 
10. 

[0090] When control I ed-system apparatus (low rank apparatus) 30 performs apparatus 
registration, procedures differ by online type low rank apparatus and off-line type low 
rank apparatus. 

Furthermore, the apparatus which a public-key crypto system can use differs also from the 
apparatus which is not made. 

In addition, the high-order apparatus 20 which control I ed-system apparatus (low rank 
apparatus) 30 connects shall carry out apparatus Challenge Handshake Authentication 
Protocol between high-order apparatus 20 and a service center 10, before performing this 
procedure, and attestation shall be made between centers. 

[0091] The procedure in the case of using online type low rank apparatus for the online 
type low rank apparatus beginning of a b-1. public-key crypto system is shown in Fig. 13. 
When a public key can be used by online type low rank apparatus, and using a public-key 
crypto system, are needed. 

When the group of the public key and secret key of control I ed-system apparatus (low rank 
apparatus) 30 self is beforehand stored in the internal memory of the encryption 
communication IC 305 of control I ed-system apparatus (low rank apparatus) 30, 
These keys are not stored in the internal memory of the encryption communication IC 305, 
but when connection with a service center 10 is needed, apparatus registration is 
performed to a service center 10, and there is two composition of composition of 
generating each key in that case. 

Jhe_pr.otoc.oJ _o.f -the case_former- [ -whose ]- has-been -key -stored -i s shown- -in -Fi g. -1-3;- -and -the 

protocol in the case of generating a key is shown in Fig. 14. 
[0092] Explain processing of Fig. 13 and Fig. 14. 



When performing apparatus registration, control I ed-system apparatus (low rank apparatus) 
30 publishes an apparatus registration start demand to high-order apparatus 20 first. 
The high-order apparatus 20 which received this relays an apparatus registration start 
demand to a service center 10. 

If a service center 10 is in the state which can meet the demand, it will notify that an 
apparatus registration start is possible to high-order apparatus 20. 
And high-order apparatus 20 notifies that an apparatus registration start is possible to 
control I ed-system apparatus (low rank apparatus) 30. 

[0093] If this apparatus registration start confirmative advice is received, control I ed- 
system apparatus (low rank apparatus) 30 will encipher the apparatus ID of control I ed- 
system apparatus (low rank apparatus) itself, a model name, and a public key certificate 
with the public key of a center, and will transmit them to high-order apparatus. 
In addition, as shown in Fig. 14, when low rank apparatus generates the group of a key, an 
own public key is transmitted to high-order apparatus 20 instead of a public key 
certificate. 

The high-order apparatus 20 which received this relays these receiving data to a service 
center as they are. 

[0094] Since it is enciphered with the public key of a service center 10, the data 
transmitted to high-order apparatus 20 and a service center 10 from control I ed-system 
apparatus (low rank apparatus) 30 can eliminate a possibility that data contained in 
transmitting data, such as a control I ed-system apparatus (low rank apparatus) identifier 
(ID) and a model name, will be revealed to a third person, or will be altered. 
[0095] The center which received data, such as a control I ed-system apparatus (low rank 
apparatus) identifier (ID), decodes the data sent from high-order apparatus with the 
secret key of service center 10 self. 

The control I ed-system apparatus (low rank apparatus) identifier in the decoded data (ID) 
is verified, and if it is a just identifier (ID), the control I ed-system apparatus (low 
rank apparatus) identifier (ID), the model name and public key certificate, or public key 
in transmitting data will be registered into the apparatus information data base 106. 
When the registration to a data base is completed normally, a service center 10 returns 
the notice of the completion of apparatus registration processing to high-order apparatus 
20. 

When decode of data or justification verification of a high-order apparatus identifier 
(ID), and the registration to a data base go wrong, a service center 10 returns the notice 
of an error to high-order apparatus 20. 

[0096] High-order apparatus 20 relays the notice of the completion of processing or the 
notice of an. error which received from the- service center- 10 to controMed-system ~ 
apparatus (low rank apparatus) 30. 

[0097] The online type low rank apparatus public-key crypto system of a b-2. common key 
encryption system cannot be used, but describe that a common key system can be used or the 



apparatus registration procedure of online type low rank apparatus without an encryption 
f unct i on. 

[0098] The protocol in this case is shown in Fig. 15. 

Processing until it notifies that an apparatus registration start is possible for high- 
order apparatus 20 to control I ed-system apparatus (low rank apparatus) 30 also in this 
case is the same. 

If control I ed-system apparatus (low rank apparatus) 30 receives apparatus registration 

start confirmative advice, control I ed-system apparatus (low rank apparatus) 30 will 

transmit own Apparatus ID and an own model name to high-order apparatus 20. 

[0099] Although the apparatus ID transmitted to high-order apparatus 20 in this case and 

model name information are not enciphered, since it is on a local network, it is thought 

that there are comparatively few problems of security compared with an external network. 

High-order apparatus 20 enciphers the information received from control I ed-system 

apparatus (low rank apparatus) 30 with the public key of a service center 10. 

That is, high-order apparatus 20 executes encryption of data by proxy. 

Since next processing is the same as that of the procedure in the case of the low rank 

apparatus which a public-key crypto system can use, explanation is omitted. 

[0100] Describe the apparatus registration procedure in the off-line type low rank 

apparatus of a b-3. public-key crypto system, then off-line type low rank apparatus. 

When a public-key crypto system can be used by off-line type low rank apparatus, and using 

a public-key crypto system, are needed. 

When the group of the public key and secret key of control I ed-system apparatus (low rank 
apparatus) 30 self is beforehand stored in the internal memory of the encryption 
communication IC 305 of control I ed-system apparatus (low rank apparatus) 30, 
These keys are not stored in the internal memory of the encryption communication IC 305, 
but when connection with a service center 10 is needed, apparatus registration is 
performed to a service center 10, and there is two composition of composition of 
generating each key in that case. 

The protocol of the case former [ whose ] has been key stored is shown in Fig. 16, and the 
protocol in the case of generating a key is shown in Fig. 17. 
[0101] Explain processing of Fig. 16 and Fig. 17. 

Control I ed-system apparatus (low rank apparatus) 30 attests an information recording 
medium first. 

The information recording medium 310 is a memory card, and attestation processing using 
the identifier of a memory card etc. is performed. 

If attestation is materialized, control I ed-system apparatus (low rank apparatus) 30 wi 1 1 
encipher _a_ contr.o Lledrsystem -apparatus- (low- rank- apparatus) identifier (-ID) r a model name" 
and an own public key certificate (Fig. 16), or an own public key (Fig. 17) with the 
public key of a service center, and will transmit it to the information recording medium 
310. 



[0102] After data transfer is completed, remove the information recording medium 310 from 
control I ed-system apparatus (low rank apparatus) 30 low-rank apparatus, and equip high- 
order apparatus 20. 

High-order apparatus 20 wi 1 1 start attestation of an information recording medium, if 
equipped with the information recording medium 211 (it is the same as the information 
recording medium 310). 

After information record i ng— med i urn attestation is completed, high-order apparatus 20 
transmits data from an information recording medium (read-out processing). 
High-order apparatus 20 gives an apparatus registration start demand to a service center 
10 as a substitute of control I ed-system apparatus (low rank apparatus) 30 after a 
transmission end. 

[0103] If a service center 10 is in the state which can meet the demand, it will notify 
that an apparatus registration start is possible to high-order apparatus 20. 
And high-order apparatus 20 transmits the data transmitted from the information recording 
medium 211 to a center as it is. 

The center which received data, such as a control I ed-system apparatus (low rank apparatus) 
identifier (ID) read from the information recording medium 211, decodes the data which 
high-order apparatus 20 relayed with the own secret key. 

The control I ed-system apparatus (low rank apparatus) identifier in the data decoded after 

that (ID) is verified, and if it is just ID, the received control I ed-system apparatus (low 

rank apparatus) identifier (ID), the model name and public key certificate (Fig. 16), or 

public key (Fig. 17) will be registered into the apparatus information data base 106. 

When the registration to a data base is completed normally, a service center 10 returns 

the notice of the completion of processing to high-order apparatus 20. 

When decode of data or justification verification of a control I ed-system apparatus (low 

rank apparatus) identifier (ID), and the registration to a data base go wrong, a service 

center 10 returns the notice of an error to high-order apparatus 20. 

High-order apparatus 20 transmits the notice of the completion of processing, or the 

notice of an error to the information recording medium 211. 

Then, the information recording medium 211 is moved to control I ed-system apparatus (low 
rank apparatus) 30 from high-order apparatus 20. 

Control I ed-system apparatus (low rank apparatus) 30 transmits the notice from a service 
center 10 from an information recording medium, after performing information recording- 
medium attestation. 

If the contents of a notice are the notices of an error, apparatus registration will be 
tried again. 

_ [0104]- The -off-l i ne type - l ow-rank apparatus pub l i e-key crypto system of a b-4: common key 

encryption system cannot be used, but describe that a common key system can be used or the 
apparatus registration procedure of off-line type low rank apparatus without an encryption 
function. 



The protocol in this case is shown in Fig. 18. 

Control I ed-system apparatus (low rank apparatus) 30 attests the information recording 
medium 310 first. 

Then, control I ed-system apparatus (low rank apparatus) 30 transmits own Apparatus ID and 
an own model name to the information recording medium 310. 

After transmission is completed, the information recording medium 310 is removed from 
control I ed-system apparatus (low rank apparatus) 30, and high-order apparatus 20 is 
equipped. 

[0105] High-order apparatus 20 will start attestation of the information recording medium 
211, if equipped with the information recording medium 211 (= information recording medium 
310). 

After attestation of the information recording medium 211 is completed, high-order 
apparatus 20 transmits data from the information recording medium 211. 
High-order apparatus 20 transmits an apparatus registration start demand to a service 
center 10 after a transmission end. 

If a service center 10 is in the state which can meet the demand, it will notify that an 
apparatus registration start is possible to high-order apparatus 20. 
High-order apparatus 20 enciphers the data transmitted from the information recording 
medium 211 with the public key of a service center 10, and transmits them to a center. 
The center which received data, such as a control I ed-system apparatus (low rank apparatus) 
identifier (ID) read from the information recording medium 211, decodes the data which 
high-order apparatus 20 relayed with the own secret key. 

The control I ed-system apparatus (low rank apparatus) identifier in the data decoded after 
that (ID) is verified, and if it is just ID, the control I ed-system apparatus (low rank 
apparatus) identifier (ID) and model name which were received will be registered into the 
apparatus information data base 106. 

Processing of the subsequent notice of the completion of processing etc. is the same as 
that of the case where the off-line type low rank apparatus which a public-key crypto 
system can use is used. 

[0106] The details of the apparatus Challenge Handshake Authentication Protocol performed 
in [apparatus Challenge Handshake Authentication Protocol] next a service center 10, high- 
order apparatus 20, and both control I ed-system apparatus (low rank apparatus) 30 are 
explained. 

Apparatus Challenge Handshake Authentication Protocol is a process performed in order to 
check a communication partner's justification among 2 persons who perform data 
communication. 

The. composJ t ion -whi ch -performs generat-i on-of a sess i on~key- at~the time" of" mutua I 

recognition processing, performs encryption processing by using the generated session key 
as a share key, and performs data transmission is one desirable data transfer method. 



Hereafter, the apparatus Challenge Handshake Authentication Protocol performed centering 
on high-order apparatus 20 and the apparatus Challenge Handshake Authentication Protocol 
performed centering on control I ed-system apparatus (low rank apparatus) 30 are explained, 
respectively. 

[0107] Explain the apparatus Challenge Handshake Authentication Protocol which checks the 
mutual justification performed between a. high-order apparatus high-order apparatus 

20, and a service center 10. 

[0108] A protocol in case a service center 10 and high-order apparatus 20 perform 
apparatus attestation is shown in Fig. 19. 

High-order apparatus 20 transmits an apparatus attestation start demand to a service 
center 10 first. 

If a service center 10 is in the state which can meet the demand, it will notify to 
apparatus that an apparatus attestation start is possible. 

Under the present circumstances, a service center 10 transmits the own center ID. 
[0109] High-order apparatus 20 wi 1 1 transmit the apparatus ID of high-order apparatus 20 
self, if the response in which an attestation start is possible is received from a service 
center 10. 

Then, mutual recognition is performed between a service center 10 and high-order apparatus 
20. 

As a procedure of mutual recognition, the procedure shown, for example in IS09798 can be 
used. 

[0110] Explain the mutual recognition method using the elliptic curve cryptosystem of the 
160 bit length which is a public-key crypto system as a mutual recognition procedure of 
IS09798 using Fig. 20. 

In Fig. 20, although ECC is used as a public-key crypto system, as long as it is the same 
public-key crypto system, any are sufficient. 
Moreover, key size may not be 160 bits, either. 

In Fig. 20, one side of A and B is equivalent to a service center 10, and another side is 
equivalent to high-order apparatus 20. 

[0111] First, B generates the 64-bit random number Rb, and transmits to A. 

A which received this newly generates the 64-bit random number Ra and the random number Ak 

smaller than the number p of marks. 

And point Av=AkxG as for which Ak doubled the base point G is calculated, electronic 
signature A. Sig to Ra, Rb, and Av (X coordinates and Y coordinates) is generated, and B is 
returned with the public key certificate of A. 

Here, since 64 bits, and X coordinates and Y coordinates of Av are 160 bits, Ra and Rb 

generate^the _e lectronic s ignature to a -total of-448 b its, - respect i-ve l-y.- 

[0112] In case a public key certificate is used, using the public key of the public key 
certificate certificate authority (CA) which self holds, a user verifies the electronic 



signature of the public key certificate concerned, and after he succeeds in verification 
of electronic signature, he picks out a public key from a public key certificate. 
[0113] B which received the public key certificate of A r Ra, Rb and Av, and electronic 
signature A. Sig verifies whether Rb which A has transmitted is in agreement with what B 
generated. 

As a result, when in agreement, the electronic signature in the public key certificate of 
A is verified with the public key of a certificate authority, and the public key of A is 
taken out. 

And electronic signature A. Sig is verified using the taken-out public key of A. 

After succeeding in verification of electronic signature, B attests A as a just thing. 

[0114] Next, B generates the random number Bk smaller than the number p of marks. 

And point Bv=BkxG as for which Bk doubled the base point G is calculated, electronic 

signature B. Sig to Rb, Ra, and Bv (X coordinates and Y coordinates) is generated, and A is 

returned with the public key certificate of B. 

[0115] A which received the public key certificate of B, Rb, Ra and Av, and electronic 
signature B. Sig verifies whether Ra which B has transmitted is in agreement with what A 
generated. 

As a result, when in agreement, the electronic signature in the public key certificate of 
B is verified with the public key of a certificate authority, and the public key of B is 
taken out. 

And electronic signature B. Sig is verified using the taken-out public key of B. 
After succeeding in verification of electronic signature, A attests B as a just thing. 
[0116] When both succeed in attestation, B calculates BkxAv (although Bk is a random 
number, since Av is a point on an elliptic curve, scalar twice calculation of the point on 
an elliptic curve is required for it), and A calculates AkxBv, and use it for 
communication after using 64 bits of low ranks of X coordinates of these points as a 
session key (when a common key encryptosystem is made into the common key encryptosystem 
of 64-bit key length). 

Of course, a session key may be generated from Y coordinates and you may not be 64 bits of 
low ranks. 

In addition, transmitting data are not only enciphered with a session key, but electronic 
signature may be attached in the secret communication after mutual recognition. 
[0117] When injustice and disagreement are found on the occasion of verification of 
electronic signature, or verification of receiving data, interrupt processing as that in 
which mutual recognition failed. 

[0118] The disclosure of communication data to a third person is prevented by enciphering 

transmi tt i ng-data-and performi ng data -communication *mutua M y us i ng the sessTon^key 

generated in such mutual recognition processing. 

In addition, whichever of a service center 10 and high-order apparatus 20 may perform 
generation of a session key required for encryption of data. 



When exchange of mutual recognition and a session key goes wrong, a service center 10 
returns an error to high-order apparatus 20. 

If all processings are completed, a center will notify the completion of processing to 
high-order apparatus. 

[0119] b-1. online type low rank apparatus — describe the case where a service center 10 
and online type control I ed-system apparatus (low rank apparatus) 30 next perform apparatus 
attestation. 

The protocol in this case is shown in Fig. 21. 

[0120] Online type control I ed-system apparatus (low rank apparatus) 30 transmits an 
apparatus attestation start demand to high-order apparatus 20 first. 
If high-order apparatus 20 is in the state which can meet the demand, it will notify that 
an apparatus attestation start is possible to control I ed-system apparatus (low rank 
apparatus) 30. 

Control I ed-system apparatus (low rank apparatus) 30 transmits own apparatus ID to high- 
order apparatus 20. 

And mutual recognition is performed between high-order apparatus 20 and control I ed-system 
apparatus (low rank apparatus) 30. 

[0121] In addition, mutual recognition between high-order apparatus 20 and control I ed- 
system apparatus (low rank apparatus) 30 may be performed as attestation processing of the 
public-key crypto system of Fig. 20 explained as mutual recognition processing between the 
above-mentioned service center 10 and high-order apparatus 20, and may perform mutual 
recognition by a common key encryption system. 

[0122] The mutual recognition method using a common key encryption system is explained 
using Fig. 22. 

Although Fig. 22 is the example which used DES as a common key encryption system, the 
other methods are also applicable if it is the same common key encryption system. 
In Fig. 22, A or B corresponds to high-order apparatus 20, and another side corresponds to 
control I ed-system apparatus (low rank apparatus) 30. 

[0123] First, B generates the random number Rb which is 64 bits, and transmits ID (b) 
which is Rb and self ID to A. 

A which received this newly generates the 64-bit random number Ra, in order of Ra, Rb, and 
ID (b), Key Kab is used for it in the CBG mode of DES, it enciphers data, and returns them 
to B. 

[0124] B which received this decrypts receiving data with Key Kab. 

First, the decryption method of receiving data decrypts a cryptogram El with Key Kab, and 
obtains a random number Ra. 

Next, .a. -cryptogram E-2 is- decrypted with Key Kab; the -exclusive OR of the "result "and'ETTs " 

carried out, and Rb is obtained. 

Finally, a cryptogram E3 is decrypted with Key Kab, the exclusive OR of the result and E2 
is carried out, and ID (b) is obtained. 



In this way, Rb and ID (b) verify whether it is in agreement with what B transmitted among 

Ra, Rb(s), and ID (b) which were obtained. 

When it passes in this verification, B attests A as a just thing. 

[0125] Next, B generates the session key (Session Key (hereafter referred to as Kses)) 

used after attestation (a random number is used for the generation method). 

And in order of Rb, Ra, and Kses, in the CBC mode of DES, Key Kab is used, it enciphers, 

and A is returned. 

[0126] A which received this decrypts receiving data with Key Kab. 

Since the decryption method of receiving data is the same as that of decryption processing 
of B, details are omitted here. 

In this way, Rb and Ra verify whether it is in agreement with what A transmitted among 

Rb(s), Ra, and Kses(es) which were obtained. 

When it passes in this verification, A attests B as a just thing. 

After attesting the partner of each other, the session key Kses is used as a common key 

for the secret communication after attestation. 

[0127] In addition, when injustice and disagreement are found on the occasion of 
verification of receiving data, processing is interrupted as that in which mutual 
recognition fai led. 

[0128] If mutual recognition is successful, high-order apparatus 20 wi 1 1 require an 
apparatus attestation start as a substitute of control I ed-system apparatus (low rank 
apparatus) 30 from a service center 10. 

If a service center 10 is in the state which can meet the demand, it will notify that an 
apparatus attestation start is possible to high-order apparatus 20. 
High-order apparatus 20 transmits the apparatus ID of control I ed-system apparatus (low 
rank apparatus) 30 to a service center 10. 

A service center 10 verifies the justification of the apparatus ID of low rank apparatus 
here. 

Verification of justification is performed as processing which confirms whether the 
apparatus ID contained in sending data is registered into the apparatus information data 
base 106 which a service center 10 has. 

After justification verification of Apparatus ID is completed normally, high-order 
apparatus 20 gives permission of the direct communication with a service center 10 to 
control I ed-system apparatus (low rank apparatus) 30. 

High-order apparatus 20 does not participate in the contents of communication between a 
service center 10 and control I ed-system apparatus (low rank apparatus) 30 after this. 
[0129] In response to direct communication permission with a service center 10, 

cont r o jJLe^-system_ajpAr_a.t.us._(J-OW_ rank apparatus) - 30 -communicates- a cent er~and d i r ect I y , 

and performs mutual recognition. 

Mutual recognition is performed using either of the examples of above-mentioned Figs. 20 
or 22. 



Completion of mutual recognition enciphers, transmits and receives data using the session 
key (common key) generated at the time of future mutual recognition. 
Whichever of a service center 10 and control I ed-system apparatus (low rank apparatus) 30 
may perform generation of a session key. 

In addition, since mutual recognition is completed here, respectively between a service 
center 10 and high-order apparatus 20 and between high-order apparatus 20 and control I ed- 
system apparatus (low rank apparatus) 30, it is also possible to omit the direct mutual 
recognition of a service center 10 and control I ed-system apparatus (low rank apparatus) 
30. 

When exchange of mutual recognition and a session key goes wrong, a center returns an 
error to low rank apparatus. 

If all processings are completed, a service center 10 will notify the completion of 
processing to control I ed-system apparatus (low rank apparatus) 30. 

If a session key can share between control I ed-system apparatus (low rank apparatus) 30 and 
a service center 10, online type low rank apparatus can be treated like high-order 
apparatus 20 in each procedure explained henceforth. 

[0130] In addition, in the case of control I ed-system apparatus (low rank apparatus) 30 
without an encryption function, attestation of control I ed-system apparatus (low rank 
apparatus) 30 is performed by attestation processing which used the one-time password. 
In this case, a service center 10 or high-order apparatus 20 generates and holds a session 
key, and makes data communication between the service center 10 through an external 
network, and high-order apparatus 20 the data communication using a session key. 

The protocol in this case is shown in Fig. 23. 

[0131] Explain the apparatus Challenge Handshake Authentication Protocol of b-2. off-line 
type low rank apparatus, next off-line type low rank apparatus. 
The protocol in this case is shown in Fig. 24. 

Off-line type control I ed-system apparatus (low rank apparatus) 30 is the composition of 
receiving control information through information recording media, such as memory card, as 
explained previously. 

[0132] If low rank apparatus is not first equipped with the information recording medium, 
equip with off-line type control I ed-system apparatus (low rank apparatus) 30. 
In that case, a recording medium is attested. 

This attestation processing is performed by the method using the above-mentioned 
symmetrical key, an asymmetrical key, and a password etc. according to the composition (a 
scrambling function, key storing composition) of control I ed-system apparatus (low rank 

apparatus), 30. and -an -i nformation- record i ng-med i urn: 

If recording-medium attestation is successful, control I ed-system apparatus (low rank 
apparatus) 30 will transmit data required for apparatus attestation of Apparatus ID etc. 
to an information recording medium. 



An end of transmission moves an information recording medium to high-order apparatus 20. 
[0133] If an information recording medium is set, high-order apparatus 20 will transmit 
data required for apparatus attestation from a medium, after attesting an information 
recording medium. 

Attestation processing of an information recording medium is performed by the method using 
the above-mentioned symmetrical key, an asymmetrical key, and a password etc. like 
attestation processing with control I ed-system apparatus (low rank apparatus) 30 and an 
information recording medium. 

An end of transmission performs mutual recognition of high-order apparatus 20 and 
control I ed-system apparatus (low rank apparatus) 30 based on the storing data of an 
information recording medium. 

In the meantime, if it needs to be moved between the high-order apparatus 20 of an 
information recording medium, and control I ed-system apparatus (low rank apparatus) 30, it 
wi 1 1 carry out. 

If mutual recognition is successful, high-order apparatus 20 will require an apparatus 
attestation start of a service center 10 instead of control I ed-system apparatus (low rank 
apparatus) 30. 

If a service center 10 is in the state which can meet the demand, it will notify that an 
apparatus attestation start is possible to high-order apparatus 20. 
[0134] Next, high-order apparatus 20 transmits the apparatus ID of control I ed-system 
apparatus (low rank apparatus) 30 to a service center 10. 

A service center 10 verifies the justification of the apparatus ID of control I ed-system 
apparatus (low rank apparatus) 30 here. 

If justification verification of Apparatus ID is completed normally, control I ed-system 
apparatus (low rank apparatus) 30 will perform exchange of a service center 20, mutual 
recognition processing, and a session key. 

However, since control I ed-system apparatus (low rank apparatus) 30 and a service center 10 
cannot carry out direct communication, high-order apparatus 20 and an information 
recording medium intervene, and they are performed. 

In the meantime, movement between the high-order apparatus 20 of an information recording 
medium and contro 1 1 ed-system apparatus (low rank apparatus) 30 is performed if needed. 
Completion of mutual recognition generates a session key (common key) required for 
encryption of future data. 

Whichever of a service center 10 and control I ed-system apparatus (low rank apparatus) 30 
may perform generation of a session key. 

In addition, in the case of control I ed-system apparatus (low rank apparatus) 30 without an 

encrypt function, _at.tes.ta.tion-of -contro 1 1 ed-system- apparatus- (low rank -apparatus) - 30~ is 

performed by attestation processing which used the one-time password. 

In this case, a service center 10 or high-order apparatus 20 generates and holds a session 

key, and makes data communication between the service center 10 through an external 



network, and high-order apparatus 20 the data communication using a session key. 

When exchange of mutual recognition and a session key goes wrong, a service center 10 
returns an error to high-order apparatus 20. 

If all processings are completed, a service center 10 will notify the completion of 
processing to high-order apparatus 20. 

High-order apparatus 20 transmits the notice of the completion of processing, or the 
notice of an error to an information recording medium. 

If an information recording medium is moved to control I ed-system apparatus (low rank 
apparatus) 30, controll ed-system apparatus (low rank apparatus) 30 will attest an 
information recording medium, and will transmit the notice of the completion of 
processing, or the notice of an error from a recording medium (read-out processing). 
[0135] The user registration for registering user information, such as [user registration 
and an information change protocol], next a user name, sett I ement-of -accounts information, 
into the user information data base 107 (referring to Fig. 5) of a service center 10 and 
an information change protocol are explained. 

[0136] Describe the processing in the case of a. high-order apparatus, online type low 
rank apparatus ^"f high-order apparatus 20, and online type control I ed-system apparatus 
(low rank apparatus) 30. 
The protocol in this case is shown in Fig. 25. 

High-order apparatus 20 and online type control I ed-system apparatus (low rank apparatus) 
30 are named "apparatus" generically. 

Apparatus performs the start demand of user registration to a service center 10. 
If a service center 10 is in the state where user information registration can be 
performed, it will notify a start check to apparatus. 

Apparatus enciphers the user information which the user inputted with a session key, and 
transmits it with Apparatus ID. 

User information is a name, the address, sett I ement-of -accounts information, etc. 
Sett I ement-of-accounts information is information required for settlement of onerous 
services, such as a bank account, a credit card number, and a prepaid card number. 
A service center 10 decodes the enciphered user information with the session key 
corresponding to Apparatus ID. 

[0137] A service center 10 publishes User ID to the user concerned continuously, and a 
service center 10 registers the user ID and user information, and Apparatus ID into the 
inner user information data base 107. 

After registration of the user information on a data base, a service center 10 enciphers 

User J D_ w j th_ a _sess. i on key and _t tansmi ts h-i to- apparatus. 

Apparatus will decode the enciphered user ID with a session key, if this is received. 
And a user is notified of User ID. 



A notice is performed in the display section 303 (refer to Fig. 3) of control I ed-system 
apparatus (low rank apparatus) 30. 

In addition, displaying in high-order apparatus is also possible. 

In order to save the time and effort which inputs User ID whenever a user uses apparatus 
here, it is very good in the way save User ID to apparatus and a user chooses his ID. 
Finally a service center 10 performs the notice of the completion of processing, or the 
notice of an error to apparatus. 

[0138] In addition, when control I ed-system apparatus (low rank apparatus) 30 is not 
equipped with an encryption function, after it enciphers, transmits and receives data and 
high-order apparatus 20 enciphers data with a session key, it transmits to a service 
center 10 between low rank apparatus and high-order apparatus. 

After high-order apparatus 20 decodes the data from a service center 10 with a session 
key, they are transmitted to low rank apparatus. 
The protocol in this case is shown in Fig. 26. 

[0139] User information is still more nearly already registered into the user information 
data base 107 in a service center 10, and in changing the information, publishing User ID 
in registration procedure and the processing which notifies User ID to high-order 
apparatus become unnecessary. 

Moreover, instead of inputting the name for specifying a user etc., you may input the 
pub I ished user ID. 

If the apparatus ID of the apparatus by which the user uses the service center 10 at this 
time is not related with the user ID of this ^, processing which adds Apparatus ID to the 
user information data base 107 is performed. 

Other portions are the same as that of the case of user information registration. 
The protocol in this case is shown in Fig. 27. 

[0140] In addition, when control I ed-system apparatus (low rank apparatus) 30 is not 
equipped with an encryption function, after it does not encipher data but high-order 
apparatus 20 enciphers with a session key, data transmission is performed to a service 
center 10 between low rank apparatus and high-order apparatus. 

After high-order apparatus 20 decodes the data from a service center 10 with a session 
key, they are transmitted to control I ed-system apparatus (low rank apparatus) 30. 
The protocol in this case is shown in Fig. 28. 

[0141] Describe the case of b. off-line type low rank apparatus, then off-line type low 
rank apparatus. 

The protocol in this case is shown in Fig. 29. 

It equips, if off-line type control I ed-system apparatus (low rank apparatus) 30 is not 

equipped- wj-th^the-r-ecor-ding-mediumr 

In that case, attestation of a recording medium is needed. 



After control I ed-system apparatus (low rank apparatus) 30 enciphers the user information 
which the user inputted with a session key, it is transmitted to an information recording 
medium with Apparatus ID. 

After transmission is completed, an information recording medium is removed from 
control I ed-system apparatus (low rank apparatus) 30, and high-order apparatus 20 is 
equ i pped. 

[0142] High-order apparatus 20 will start attestation of an information recording medium, 
if equipped with an information recording medium. 

After attestation of an information recording medium is completed, high-order apparatus 20 
transmits data from an information recording medium (reading). 

High-order apparatus 20 gives a user registration start demand to a service center 10 as a 
substitute of low rank apparatus after a transmission end. 

If a service center 10 is in the state where user information registration can be 
performed, it will notify a start check to high-order apparatus 20. 
[0143] High-order apparatus 20 transmits the data from control I ed-system apparatus (low 
rank apparatus) 30 to a service center 10 as it is. 

A service center 10 decodes the enciphered user information with the session key 
corresponding to Apparatus ID. 

Then, User ID is published to the user concerned and the user ID and user information, and 
Apparatus ID are registered into the user information data base 107. 
[0144] A service center 10 enciphers User ID after registration of the user information on 
a data base with a session key with control I ed-system apparatus (low rank apparatus) 30, 
and transmits him to high-order apparatus 20. 

And a service center 10 performs the notice of the completion of processing, or the notice 
of an error to high-order apparatus 20. 

The user ID enciphered as high-order apparatus 20 receives the notice of the completion of 
processing from a service center 10 is transmitted to an information recording medium. 
Then, an information recording medium is moved to control I ed-system apparatus (low rank 
apparatus) 30 from high-order apparatus 20. 

If control I ed-system apparatus (low rank apparatus) 30 is equipped with an information 
recording medium, control I ed-system apparatus (low rank apparatus) 30 will attest an 
information recording medium. 

If attestation is successful, control I ed-system apparatus (low rank apparatus) 30 will 
transmit the data in an information recording medium (data reading). 
[0145] Next, control I ed-system apparatus (low rank apparatus) 30 decodes the enciphered 
user ID who read in the information recording medium with a session key. 

And_a .user is. .notified of -User- -MX 

A notice is performed in the display section 303 (refer to Fig. 4) of control I ed-system 
apparatus (low rank apparatus) 30. 



In order to save the time and effort which inputs User ID whenever a user uses apparatus 
here, it is very good in the way save User ID to apparatus and a user chooses his ID for 
it. 

[0146] In addition, when control I ed-system apparatus (low rank apparatus) 30 is not 
equipped with an encryption function, after it does not encipher data but high-order 
apparatus 20 enciphers with a session key, data transmission is performed to a service 
center 10 between low rank apparatus and high-order apparatus. 

After high-order apparatus 20 decodes the data from a service center 10 with a session 
key, they are transmitted to control I ed-system apparatus (low rank apparatus) 30. 
The protocol in this case is shown in Fig. 30. 

[0147] User information is still more nearly already registered into the user information 
data base 107 in a service center 10, and in changing the information, publishing User ID 
in registration procedure and the processing which notifies User ID to high-order 
apparatus become unnecessary. 

Moreover, instead of inputting the name for specifying a user etc., you may input the 
pub I ished user ID. 

If the apparatus ID of the apparatus by which the user uses the service center 10 at this 
time is not related with the user ID of this processing which adds Apparatus ID to the 
user information data base 107 is performed. 

Other portions are the same as that of the case of user information registration. 
The protocol in this case is shown in Fig. 31. 

[0148] In addition, when control I ed-system apparatus (low rank apparatus) 30 is not 
equipped with an encryption function, after it does not encipher data but high-order 
apparatus 20 enciphers with a session key, data transmission is performed to a service 
center 10 between low rank apparatus and high-order apparatus. 

After high-order apparatus 20 decodes the data from a service center 10 with a session 
key, they are transmitted to control I ed-system apparatus (low rank apparatus) 30. 
The protocol in this case is shown in Fig. 32. 

[0149] In order to identify a [user authentication information registration protocol] 
user, some methods can be considered, but the case where the method and ID card which used 
the password here are used is explained. 

When using an ID card, it is possible to use the card equipped with the mechanism in which 
living body information which embedded ID according to individual, such as a card and a 
fingerprint, can be recognized, or the card which saves the group of the public key and 
secret key of a user individual. 

You may use whichever of the contacted type card which has a magnetic tape as an ID card. 

and the_ noncontact card. whJ ch_ per forms, wireless -commun-i cations: 

Moreover, as a place which compares by saving the user authentication information for 
identifying a user, apparatus (high-order apparatus and control I ed-system apparatus (low 
rank apparatus)) or a service center can be considered. 



When saving to apparatus, it is easy to manage restriction of a user in apparatus etc. 
individual ly. 

In registering with a service center, when using two or more apparatus, it is not 
necessary to do registration work for every apparatus. 

A password etc. describes first the procedure which registers the information for 
attestation into apparatus or a center. 

[0150] It is the method of comparing with the user authentication information which saved 
user authentication information, such as a preservation user's password, in the inside of 
apparatus, and the user inputted into a. apparatus on the occasions, such as offer of 
service. 

In this case, registration of the password which can be set is explained. 
The protocol in this case is shown in Fig. 33. 

If the user ID whom the user inputted is received, the input of a password will be urged 
to apparatus to a user. 

[0151] If a user enters a password from a control unit (in the case [ In the case of high- 
order apparatus ] of a control unit 209 and low rank apparatus control unit 308), 
apparatus saves the group of the password which corresponds with User ID in the memory 
inside apparatus. 

At this time, you may encipher by not saving a password with ¥3t. 

Next, a service center 10 notifies the completion of processing, or an error to apparatus. 
[0152] Explain user authentication information registration processing in which an ID card 
is used next. 

The protocol in this case is shown in Fig. 34. 

Apparatus will transmit User ID and user authentication information from an ID card, if a 
user sets an ID card. 

Apparatus saves the user authentication information which corresponds with User ID in the 
memory inside apparatus. 

Next, a service center 10 notifies the completion of processing, or an error to apparatus. 
[0153] It is the method of comparing with the user authentication information which saved 
preservation (high-order apparatus and online type low rank apparatus) user authentication 
information in the b. center in the service center 10, and the user inputted on the 
occasions, such as offer of service. 

In this case, registration of the password which can be set is explained. 
The protocol in this case is shown in Fig. 35. 

[0154] It is as follows when using high-order apparatus and online type control I ed-system 
apparatus (low rank apparatus) first. 

Apparatus. requ Lr es_ the_r.eg.i.s.t ration- star t of -user-authent-i eat i on -i nf ormat i on- of- a~ ser v i ce 

center 10. 

If a service center 10 is in the state which can meet the demand, it will notify to 
apparatus that a registration start is possible. 



If the user ID whom the user inputted is received, the input of a password will be urged 
to apparatus to a user. 

If a user enters a password, apparatus will encipher the group of the password which 
corresponds with User ID with a session key, and will transmit it to a service center 10 
with Apparatus ID. 

A service center 10 decodes User ID and the password which were enciphered with the 
session key corresponding to Apparatus ID. 

Then, a password is registered into the user information data base 107. 

When decode with a session key and the registration to a data base go wrong, a service 

center 10 returns an error to apparatus. 

If all processings are completed, a service center 10 will notify the completion of 
processing to apparatus. 

[0155] In addition, when control I ed-system apparatus (low rank apparatus) 30 is not 
equipped with an encryption function, after it does not encipher data but high-order 
apparatus 20 enciphers with a session key, data transmission is performed to a service 
center 10 between low rank apparatus and high-order apparatus. 

After high-order apparatus 20 decodes the data from a service center 10 with a session 
key, they are transmitted to control I ed-system apparatus (low rank apparatus) 30. 
The protocol in this case is shown in Fig. 36. 
[0156] Next, explain how to use an ID card. 
The protocol in this case is shown in Fig. 37. 

Apparatus will transmit User ID and user authentication information from an ID card, if a 
user sets an ID card. 

Apparatus requires the registration start of user authentication information of a service 
center 10. 

If a service center 10 is in the state which can meet the demand, it will notify to 
apparatus that a registration start is possible. 

Then, apparatus enciphers the group of user authentication information which corresponds 
with User ID with a session key, and transmits it to a service center 10 with Apparatus 
ID. 

The following processings are the same as that of the case where a password is used. 
[0157] In addition, when control I ed-system apparatus (low rank apparatus) 30 is not 
equipped with an encryption function, after it does not encipher data but high-order 
apparatus 20 enciphers with a session key, data transmission is performed to a service 
center 10 between low rank apparatus and high-order apparatus. 

After high-order apparatus 20 decodes the data from a service center 10 with a session 

^ey--t-hey--are~t r-ansmftt-ed -t-o--eont-r o l-l ed-system -appar atus- ( I ow-rank"appar atus) "30: 

The protocol in this case is shown in Fig. 38. 



[0158] c. off-line type low rank apparatus — describe the user authentication information 
registration protocol in the case of off-line type control I ed-system apparatus (low rank 
apparatus) below. 

First, registration of the password which can be set in this case is explained. 
The protocol in this case is shown in Fig. 39. 

[0159] Off-line type control I ed-system apparatus (low rank apparatus) 30 demands the input 
of User ID and a password from a user. 

If User ID and a password are entered, control I ed-system apparatus (low rank apparatus) 30 
will encipher this with a session key, and will transmit it to an information recording 
medium with Apparatus ID. 

If an information recording medium is moved from low rank apparatus to high-order 
apparatus, high-order apparatus 20 will attest an information recording medium. 
If attestation of an information recording medium is successful, high-order apparatus 20 
will transmit data from an information recording medium. 

Then, high-order apparatus 20 requires the registration start of user authentication 
information of a service center 10. 

If a service center 10 is in the state which can meet the demand, it will notify that a 
registration start is possible to high-order apparatus 20. 

High-order apparatus 20 transmits the data transmitted from the information recording 
medium (read-out) to a center as it is. 

A service center 10 decodes User ID and the password which were enciphered with the 
session key corresponding to Apparatus ID. 

Then, a password is registered into the user information data base 107. 

When decode with a session key and the registration to a data base go wrong, a service 

center 10 returns an error to high-order apparatus 20. 

If all processings are completed, a service center 10 will notify the completion of 
processing to high-order apparatus 20. 

The notice of an error and the notice of the completion of processing to high-order 
apparatus 20 are transmitted to off-line type control I ed-system apparatus (low rank 
apparatus) 30 through an information recording medium from a service center 10. 
[0160] In addition, when control I ed-system apparatus (low rank apparatus) 30 is not 
equipped with an encryption function, after it does not encipher data but high-order 
apparatus 20 enciphers with a session key, data transmission is performed to a service 
center 10 between low rank apparatus and high-order apparatus. 

After high-order apparatus 20 decodes the data from a service center 10 with a session 
key, they are transmitted to control I ed-system apparatus (low rank apparatus) 30. 

The protocol in this case_js shown, in. Fi.g._ 4.0 

[0161] Next, explain the user authentication information registration protocol using an ID 
card. 

The protocol in this case is shown in Fig. 41. 



Control I ed-system apparatus (low rank apparatus) 30 will transmit User ID and user 
authentication information from an ID card, if a user sets an ID card. 
The following processings are the same as that of the case where a password is used. 
[0162] In addition, when control I ed-system apparatus (low rank apparatus) 30 is not 
equipped with an encryption function, after it does not encipher data but high-order 
apparatus 20 enciphers with a session key, data transmission is performed to a service 
center 10 between low rank apparatus and high-order apparatus. 

After high-order apparatus 20 decodes the data from a service center 10 with a session 
key, they are transmitted to control I ed-system apparatus (low rank apparatus) 30, 
The protocol in this case is shown in Fig. 42. 

[0163] The procedure which attests a user is described using the user authentication 
information registered by the [user authentication protocol], next the user authentication 
information registration protocol. 

[0164] Save user authentication information to a. apparatus, save a preservation user's 
user authentication information to apparatus, and explain the method of the user 
authentication in the case of comparing with the user authentication information which the 
user inputted on the occasions, such as offer of service. 

[0165] The protocol in the case of using a password as user authentication information is 
shown in Fig. 43. 

If the user ID whom the user inputted is received, the input of a password will be urged 
to apparatus to a user. 

If a user enters a password, apparatus will compare the password which selected the 
password corresponding to User ID and was entered as this out of the group of the User ID 
and the password which are saved in memory. 

If it succeeds in collation, a user can say that he has just authority, and it becomes 

possible to receive service etc. 

Error handling is performed when collation goes wrong. 

[0166] Explain how to use an ID card next. 

The protocol in this case is shown in Fig. 44. 

Apparatus will transmit User ID and user authentication information from an ID card, if a 
user sets an ID card. 

Then, apparatus selects the user authentication information corresponding to User ID from 
the groups of user authentication information with the user ID saved in internal memory, 
and compares the user authentication information transmitted from the ID card. 
If it succeeds in collation, a user can say that he has just authority, and it becomes 
possible to receive service etc. 

Error hand I i ng i s performed, when, co I LatJ on._go.es .wrong - 

[0167] Save user authentication information in the b. center, save a preservation user's 
password in a service center 10, and explain the method of the user authentication in the 



case of comparing with the password which the user entered on the occasions, such as offer 
of service. 

The protocol in the case of using a password is shown in Fig. 45. 

Apparatus requires a user authentication start of a service center 10. 

If a service center 10 is in the state which can meet the demand, it will notify to 

apparatus that an attestation start is possible. 

If the user ID whom the user inputted is received, the input of a password will be urged 
to apparatus to a user. 

If a user enters a password, apparatus will be transmitted to a center with Apparatus ID, 
after enciphering the group of the password which corresponds with User ID with a session 
key. 

A center decodes User ID and the password which were enciphered with the session key 
corresponding to Apparatus ID. 

A service center 10 compares the password registered into apparatus and the user 
information data base 107, and the password transmitted from apparatus. 
A service center 10 transmits a collation result to apparatus. 

If it succeeds in collation, a user can say that he has just authority, and it becomes 
possible to receive service etc. 

It adds, when the apparatus ID transmitted to the entry of the user ID of the user 
information data base 107 concerned is not contained. 

Also when a user uses two or more apparatus by this, it is possible to associate User ID 
and Apparatus ID. 

Error handling is performed when collation goes wrong. 

[0168] In addition, when control I ed-system apparatus (low rank apparatus) 30 is not 
equipped with an encryption function, after it does not encipher data but high-order 
apparatus 20 enciphers with a session key, data transmission is performed to a service 
center 10 between low rank apparatus and high-order apparatus. 

After high-order apparatus 20 decodes the data from a service center 10 with a session 
key, they are transmitted to control I ed-system apparatus (low rank apparatus) 30. 
The protocol in this case is shown in Fig. 46. 

[0169] Next, explain the method of user authentication using an ID card. 
The protocol in this case is shown in Fig. 47. 

Apparatus will transmit User ID and user authentication information from an ID card, if a 
user sets an ID card. 

Apparatus requires a user authentication start of a service center 10. 

If a service center 10 is in the state which can meet the demand, it will notify to 

apparatus-that-an at-testat ion-start -i s poss ible. 

Apparatus is transmitted to a service center 10 with Apparatus ID, after enciphering the 
group of user authentication information which corresponds with User ID with a session 
key. 



A service center 10 decodes User ID and the user authentication information which were 
enciphered with the session key corresponding to Apparatus ID. 

A service center 10 compares the user authentication information registered into the user 
information data base 107, and the user authentication information transmitted from 
apparatus. 

Furthermore, a service center 10 transmits a collation result to apparatus. 

If it succeeds in collation, a user can say that he has just authority, and it becomes 

possible to receive service etc. 

It adds, when the apparatus ID transmitted to the entry of the user ID of the user 
information data base 107 concerned is not contained. 
Error handling is performed when collation goes wrong. 

[0170] In addition, when contro 1 1 ed-system apparatus (low rank apparatus) 30 is not 
equipped with an encryption function, after it does not encipher data but high-order 
apparatus 20 enciphers with a session key, data transmission is performed to a service 
center 10 between low rank apparatus and high-order apparatus. 

After high-order apparatus 20 decodes the data from a service center 10 with a session 
key, they are transmitted to control I ed-system apparatus (low rank apparatus) 30. 
The protocol in this case is shown in Fig. 48. 

[0171] In the case of c. off-line type low rank apparatus, explain the method of the user 
authentication in the case of off-line type control I ed-system apparatus (low rank 
apparatus) 30 below. 

The protocol in the case of using a password is shown in Fig. 49. 

Off-line type control I ed-system apparatus (low rank apparatus) 30 demands the input of 

User ID and a password from a user. 

If User ID and a password are entered, control I ed-system apparatus (low rank apparatus) 30 
will encipher this with a session key, and will transmit it to an information recording 
medium with Apparatus ID. 

[0172] If an information recording medium is moved from control I ed-system apparatus (low 
rank apparatus) 30 to high-order apparatus 20, high-order apparatus 20 will attest an 
information recording medium. 

If attestation of an information recording medium is successful, high-order apparatus 20 
will transmit data from an information recording medium (reading). 
And high-order apparatus 20 requires a user authentication start of a service center 10. 
If a service center 10 is in the state which can meet the demand, it will notify that an 
attestation start is possible to high-order apparatus 20. 

If a notice is received, high-order apparatus 20 will transmit the data transmitted from 

the Information recording-medium .to. a. service-center— 10-as- it- -is- — 

A service center 10 decodes User ID and the password which were enciphered with the 
session key corresponding to Apparatus ID. 



A service center 10 compares the user authentication information registered into the user 
information data base 107, and the user authentication information transmitted from 
apparatus. 

A service center 10 transmits a collation result to high-order apparatus 20. 

If it succeeds in collation, a user can say that he has just authority, and it becomes 

possible to receive service etc. 

It adds, when the apparatus ID transmitted to the entry of the user ID of a user 
information data base concerned is not contained. 
Error handling is performed when collation goes wrong. 

The high-order apparatus 20 which received the attestation result transmits the result to 
an information recording medium. 

If an information recording medium is moved from high-order apparatus 20 to control I ed- 
system apparatus (low rank apparatus) 30, control I ed-system apparatus (low rank apparatus) 
30 will attest an information recording medium. 

If recording-medium attestation is successful, low rank apparatus will transmit data from 
an information recording medium (reading). 

Control I ed-system apparatus (low rank apparatus) 30 notifies a user of an attestation 
result through the display section 303. 

[0173] In addition, when control I ed-system apparatus (low rank apparatus) 30 is not 
equipped with an encryption function, after it does not encipher data but high-order 
apparatus 20 enciphers with a session key, data transmission is performed to a service 
center 10 between low rank apparatus and high-order apparatus. 

After high-order apparatus 20 decodes the data from a service center 10 with a session 
key, they are transmitted to contro 1 1 ed-system apparatus (low rank apparatus) 30 through 
an information recording medium. 
The protocol in this case is shown in Fig. 50. 

[0174] Explain the method of user authentication using the ID card in the case of off-line 
type control I ed-system apparatus (low rank apparatus) 30 below. 
The protocol in this case is shown in Fig. 51. 

Off-line type control I ed-system apparatus (low rank apparatus) 30 will transmit User ID 
and user authentication information from an ID card, if a user sets an ID card. 
The following processings are the same as that of the case where a password is used. 
[0175] In addition, when control I ed-system apparatus (low rank apparatus) 30 is not 
equipped with an encryption function, after it does not encipher data but high-order 
apparatus 20 enciphers with a session key, data transmission is performed to a service 
center 10 between low rank apparatus and high-order apparatus. 

After high-order^ apparatus 20 decodes the. data_f.rom .a. ser-vice-Gent-er- 10-wi t-h-a-sess ion 

key, they are transmitted to control I ed-system apparatus (low rank apparatus) 30 through 

an information recording medium. 

The protocol in this case is shown in Fig. 52. 



[0176] Offer processing of a [service protocol], next the remote service which used high- 
order apparatus 20 from the service center 10 is explained. 

[0177] a. center high-order apparatus and center high-order apparatus-low rank apparatus 
(online) — the protocol in the case of using a service center 10, high-order apparatus 
20, and online type control I ed-system apparatus (low rank apparatus) 30 is first shown in 
Fig. 53. 

Here, when it is called apparatus, it is the general term containing high-order apparatus 

20 and online type control I ed-system apparatus (low rank apparatus) 30. 

[0178] Apparatus requires a service start of a service center 10 first. 

If a service center 10 is in the state which can meet the demand, it will notify to 

apparatus that a service start is possible. 

Service is carried out by communicating data between a service center 10 and apparatus. 
The case where the data for service offer are transmitted from a service center 10 is 
described. 

[0179] Data for service like maintenance information are first sent to the encryption 
communication IC 104 from the data base 103 for service offer by control of CPU101 of a 
service center, for example. 

The encryption communication IC 104 transmits to an external network via the external 
network interface 105, after enciphering with the session key exchanged between a service 
center and apparatus on the occasion of apparatus attestation of the data. 
[0180] In the high-order apparatus 20 side, the encryption communication IC 205 decodes 
the data received by the external network interface 208 course using a session key. 
The decoded data are transmitted to the recording devices 210, such as memory 202 and a 
disk, through a data bus. 

CPU201 reads data from the recording devices 210, such as memory 202 and a disk, and 
controls the apparatus peculiar section 204. 

In addition, when controlling online type control I ed-system apparatus (low rank apparatus) 
30, data are transmitted between high-order apparatus 20 and control I ed-system apparatus 
(low rank apparatus) 30. 

[0181] Describe the case where data are continuously transmitted to a service center 10 
from online type control I ed-system apparatus (low rank apparatus) 30. 
First, data are sent to the encryption communication IC 305 by control of CPU301 of online 
type control I ed-system apparatus (low rank apparatus) 30. 

The encryption communication IC 305 transmits to high-order apparatus 20 through the local 

interface 307, after giving encryption with the session key of data. 

High-order apparatus 20 transmits the data received through the local interface 208 from 

contro IJedjjsystem apparatus, _(J pw_ rank-apparatus)- .30- to -an-ext-er-na I- network via the 

external network interface 208. 

[0182] In the service center 10 side, the encryption communication IC 104 decodes the data 
received by the external network interface 105 course using a session key. 



The decoded data are transmitted to memory 102, the data base 103 for service offer, the 
apparatus information data base 106, and the user information data base 107 through a data 
bus. 

While offering service, if required, CPU101 of a service center 10 will record fee 
collection information on memory 102 or the user information data base 107. 
Fee collection information is the number of times of use of onerous service, time, the 
amount of transceiver data, etc. 

[0183] Above, as explained, since it is enciphered using the session key, the protection 
of the contents of communication of the communication of data performed between a service 
center 10 and apparatus during offer of service is attained. 

If offer of service is completed, CPU101 of a service center 10 will acquire a user's 

settlement-of-accounts information from a user data base by using User ID as a search key, 

and will perform settlement-of-accounts processing. 

End processing is performed in case offer of service is ended. 

[0184] In addition, when control I ed-system apparatus (low rank apparatus) 30 is not 

equipped with an encryption function, after it does not encipher data but high-order 

apparatus 20 enciphers with a session key, data transmission is performed to a service 

center 10 between low rank apparatus and high-order apparatus. 

After high-order apparatus 20 decodes the data from a service center 10 with a session 
key. they are transmitted to control I ed-system apparatus (low rank apparatus) 30. 
The protocol in this case is shown in Fig. 54. 

[0185] Explain offer processing of the remote service to 2. center high-order apparatus- 
low rank apparatus (off-line), next off-line type low rank apparatus. 
In this case, service communicates between a service center 10 and high-order apparatus 
20, high-order apparatus 20 receives data instead of off-line type control I ed-system 
apparatus (low rank apparatus) 30, and it saves them once, and is carried out by gathering 
that data using an information recording medium, and transmitting to low rank apparatus. 
The protocol in this case is shown in Fig. 55. 

[0186] If control I ed-system apparatus (low rank apparatus) 30 is not first equipped with 
the information recording medium, equip. 

In that case, attestation of an information recording medium is needed. 
If attestation of an information recording medium is successful, a service name, a 
parameter, etc. will transmit control I ed-system apparatus (low rank apparatus) 30 through 
data required for a service start. 

After transmission is completed, an information recording medium is moved to high-order 
apparatus 20. 

[0187] If an jnf ormat ion _r_e.oor.ding_ medium- is -set ,-h i gh^or-der -appar-atus-20- w i I f t r ansm i t 

data required for a service start from an information recording medium, after performing 
information recording-medium attestation. 



After transmission is completed, high-order apparatus 20 requires a service start of a 
service center 10. 

If a service center 10 is in the state which can meet the demand, it will notify that a 
service start is possible to high-order apparatus 20. 

[0188] Describe the case where data are exchanged between high-order apparatus 20 and 
control I ed-system apparatus (low rank apparatus) 30, during service offer. 
If recording-medium attestation is not settled when high-order apparatus 20 transmits data 
to an information recording medium, the encryption communication IC 205 of high-order 
apparatus 20 starts attestation of an information recording medium. 

If an information recording medium can be attested, CPU201 of high-order apparatus 20 will 
read the data received from the service center 10 for control I ed-system apparatus (low 
rank apparatus) 30 from the recording device 210 of high-order apparatus 20 inside, and 
will transmit them to the encryption communication IC 205. 

The data transmitted to the encryption communication IC 205 are transmitted to the 
information recording medium 211 via the recording-medium interface 207 as it is 
(wr i t i ng) . 

[0189] If recording-medium attestation is not settled when control I ed-system apparatus 
(low rank apparatus) 30 transmits data to an information recording medium, the encryption 
communication IC 305 of control I ed-system apparatus (low rank apparatus) 30 starts 
attestation of an information recording medium. 

If an information recording medium can be attested, CPU301 of control I ed-system apparatus 
(low rank apparatus) 30 will read data from memory 302 or a recording device 309, and will 
transmit them to the encryption communication IC 305. 

The encryption communication IC 305 enciphers the transmitted data with a session key, and 
transmits them to the information recording medium 310 by recording-medium interface 306 
course. 

[0190] Moreover, describe the case where data are exchanged between a service center 10 
and high-order apparatus 20, during service offer. 

The case where the data for service offer are transmitted from a service center 10 is 
described. 

Data are first sent to the encryption communication IC 104 from the data base 103 for 
service offer by control of CPU101 of a service center 10. 

The encryption communication IC 104 transmits to an external network via the external 
network interface 105, after enciphering with the session key exchanged between a service 
center 10 and control I ed-system apparatus (low rank apparatus) 30 on the occasion of 
apparatus attestation of the data. 

19!?!! J.1 A n A^'f "r^dex appar.aius_20_ s i de, _the.-encr-yption-commun i cat-i on--l G- 205-rece i ves — 

data by external network interface 208 course, and transmits to the recording devices 210, 
such as memory 202 and a disk, through a data bus. 



[0192] Describe the case where data are continuously transmitted to a service center 10 
from high-order apparatus 20. 

First, the data enciphered with the session key exchanged by control of CPU201 of high- 
order apparatus 20 between control I ed-system apparatus (low rank apparatus) 30 and a 
service center 10 are read from memory 202 or a recording device 210, and are sent to the 
encryption communication IC 205. 

The encryption communication IC 205 transmits the data to an external network via the 
external network interface 206. 

In the service center 10 side, the encryption communication IC 104 decodes the data 

received by the external network interface 105 course using a session key. 

The decoded data are transmitted to memory 102, the data base 103 for service offer, the 

apparatus information data base 106, and the user information data base 107 through a data 

bus. 

While offering service, if required, CPU101 of a service center 10 will record fee 
collection information on memory 102 or the user information data base 107. 
Fee collection information is the number of times of use of onerous service, time, the 
amount of transceiver data, etc. 

[0193] As mentioned above, it is enciphered using a session key and the communication of 
data performed between a service center and apparatus during offer of service can protect 
the contents of communication. 

If offer of service is completed, CPU101 of a service center 10 will acquire a user's 
settlement-of-accounts information from the user data base 107 by using User ID as a 
search key, and will perform settlement-of-accounts processing. 
End processing is performed in case offer of service is ended. 
[0194] In addition, when control I ed-system apparatus (low rank apparatus) 30 is not 
equipped with an encryption function, after it does not encipher data but high-order 
apparatus 20 enciphers with a session key, data transmission is performed to a service 
center 10 between low rank apparatus and high-order apparatus. 

After high-order apparatus 20 decodes the data from a service center 10 with a session 
key, they are transmitted to control I ed-system apparatus (low rank apparatus) 30 through 
an information recording medium. 
The protocol in this case is shown in Fig. 56. 

[0195] Below [the example of concrete processing] explains the concrete example of service 
offer of the service offer system through the means of communication of this invention, 
and the service offer method. 

[ — 0196] <remote maintenance> — telediagnosis and a restoration system are first 

descr i bed as a concrete example of ser yj ce_p_tte_r_. - 

The protocol in this case is shown in Fig. 57. 

This system is an example which performs diagnosis and restoration of an obstacle part by 
operation from a service center 10, when an obstacle occurs to apparatus. 



[0197] Diagnose in order to investigate the state of apparatus first. 
This diagnosis is performed, when CPU (it is [ in the case of high-order apparatus ] 
CPU301 in the case of CPU201 and low rank apparatus) of apparatus publishes a command to 
various portions inside apparatus and analyzes that response. 

The program for diagnosis is beforehand recorded on memory, a disk, etc. inside apparatus. 

If diagnosis is completed, the result will be transmitted to a service center 10. 

Or it is good also as composition which diagnoses by borrowing the help of a center. 

In this case, apparatus transmits the message of a diagnostic request to a service center 

10. 

If diagnosis of applicable apparatus is possible for the service center 10 which received 
the message of a diagnostic request, it will publish a diagnostic command and will 
transmit it to apparatus. 

If a diagnostic command is received from a service center 10, apparatus will execute the 
command and will transmit a result to a service center 10. 

[0198] A service center 10 analyzes the result transmitted from apparatus, by it, if 

required, will publish a diagnostic command again and will transmit it to apparatus. 

An analytic procedure is repeated from issue of the above-mentioned diagnostic command 

until a service center 10 can judge that diagnosis was completed. 

Telediagnosis is performed as mentioned above and an obstacle part and a state can be 

specified, and if remote restoration is possible, it will go into the procedure of 

restoration. 

Remote restoration is performed by transmitting a restoration command required in order 
that a service center 10 may restore the obstacle of apparatus to apparatus based on a 
diagnostic result. 

[0199] CPU101 of a service center 10 analyzes a diagnostic result, and publishes a 
restoration command. 

Under the present circumstances, the optimal command is chosen with reference to the 
obstacle history of the past of the applicable apparatus accumulated in the data base 103 
for service offer, or this model. 

A service center 10 transmits this restoration command to apparatus. 

Apparatus executes the restoration command which received by control of CPU in apparatus, 

and transmits the result to a center. 

The service center which received the result analyzes based on the result and past 
history, if required, will publish a restoration command again and will transmit it to 
apparatus. 

The message to a user is displayed on the display section of apparatus if needed. 
And it asks for the input of continuing execution of restoration. 
An analytic procedure is repeated from issue of the above-mentioned restoration command 
until a center judges that restoration was completed or a user ends restoration. 



In case restoration is ended, the diagnostic result till then and the contents of 

restoration are registered into the apparatus information data base 106. 

It uses for fee collection, or the data of two or more apparatus are collectively fed back 

to an apparatus maker, and the diagnostic result and the contents of restoration which 

were registered into the data base can be used for the improvement of apparatus. 

And a center notifies the end of remote restoration to apparatus. 

[0200] Backup and restoration processing of the data saved to apparatus are explained as 
another example of service offer of <backup restoration> book invention about the 
processing composition which a service center 10 performs. 

[0201] This is for using the apparatus with a former state by restoring, even if it should 

back up beforehand data, such as setting information saved to apparatus, for the memory 

means of a service center 10 and data should disappear. 

Backup is explained first. 

The protocol in this case is shown in Fig. 58. 

[0202] Apparatus performs a backup start demand to a service center 10. 

The service center 10 which received this demand secures the domain for backup on the data 

base 103 for service offer. 

If it is in the state where partitioning is successful and it can back up, a service 
center 10 will transmit backup start confirmative advice to apparatus. 
The apparatus which received start confirmative advice transmits the data for backup to a 
service center 10. 

A service center 10 is saved to the domain which secured the received backup data. 

An end of preservation registers backup information, such as backup time and a 

preservation domain, into the apparatus information data base 106. 

And a service center 10 notifies the end of backup to apparatus. 

[0203] Explain the procedure of restoration continuously. 

The protocol in this case is shown in Fig. 59. 

Apparatus performs a restoration start demand to a service center 10. 

The service center 10 which received this demand acquires backup information from the 

apparatus information data base 106 by using Apparatus ID as a search key. 

If it is in the state where it succeeds in acquisition of backup information, and can 

restore, a service center 10 will transmit restoration start confirmative advice to 

apparatus. 

And a service center 10 takes out the domain information on the data base 103 for service 
offer with which backup data are saved from backup information. 

Based on this information, backup data are read from the domain on the data base 103 for 
service offer, and it transmits to apparatus. 

[0204] Apparatus performs restoration, after checking the received backup data. 

After restoration is completed, apparatus notifies the end of restoration to a service 

center 10. 



The service center 10 which received the notice of a restoration end registers a 
restoration history into the apparatus information data base 106. 

And a service center 10 notifies the end of the processing about restoration to apparatus. 

[0205] Data distribution is described as still more nearly another example of service 

offer of <data distribution (music, image, text, etc. )> book invention. 

[0206] This stores data, such as music, and an image, text, in a service center 10, and 

can take in and use them for apparatus from a service center 10 according to a demand of a 

user. 

The protocol in this case is shown in Fig. 60. 

In using a data distribution function, a user first performs operation which starts data 
distribution by the control unit (it is [ in the case of high-order apparatus ] a control 
unit 308 in the case of a control unit 209 and low rank apparatus) prepared in apparatus. 
The apparatus which received the input from a user performs a data distribution start 
demand to a service center 10. 

If a service center 10 is in the state where data distribution can be performed, it will 
transmit data distribution start confirmative advice to apparatus. 
The apparatus which received start confirmative advice displays the message of a data 
distribution start on the display section (in the case of high-order apparatus, in the 
case of the display section 203 and low rank apparatus, it is the display section 303). 
Furthermore, a service center 10 transmits the menu containing the choice about the data 
which can be used to apparatus. 

Apparatus will be outputted to the display section, if this menu is received. 
[0207] If a user chooses required data out of a menu and inputs into a control unit, the 
information, for example, a data number, what selected data of apparatus are will be 
transmitted to a service center 10. 

A service center 10 acquires required data from the data base for service offer, and 
transmits them to apparatus. 

Apparatus outputs having received data to the display section. 
And a user operates reproducing data etc. 

What is necessary is just to perform a required input from a control unit, when a user 
uses a data distribution function succeeding I y. 

After data distribution is completed, if the service center 10 is required, a data 
distribution history will be registered into the apparatus information data base 106. 
It uses for fee collection or the data distribution history registered into the data base 
can be used for marketing, such as examination of the data offered after gathering the 
data of two or more apparatus. 

And a service center 10 notifies the end of data distribution to apparatus. 
[ — 0208] <help tutorial) — the example which offers further the help function which 
explains the operation method of apparatus as another example of service offer of this 
invention is described. 



This stores the help data which explain the operation method of apparatus in a service 
center 10, takes a required portion into apparatus according to a demand of a user, and 
shows it to a user. 

The protocol in this case is shown in Fig. 61. 

[0209] although it is also possible to save all help data to apparatus about this help 
function, there are all that there may be few domains for preservation or holding always 
new help data in apparatus from a difficult thing — it is — it is the example made into 
the form which puts some help data on a service center 10. 

In using a help function, a user first performs operation which starts a help by a control 
unit (it is [ in the case of high-order apparatus ] a control unit 308 in the case of a 
control unit 209 and low rank apparatus). 

The apparatus which received the input from a user performs a help start demand to a 
service center 10. 

If it is in the state where help data can be offered, a service center 10 will transmit 
help start confirmative advice to apparatus. 

[0210] The apparatus which received start confirmative advice transmits the data which 
specify the required portion of a help to a service center 10. 

The service center 10 which received this acquires required help data from the data base 
103 for service offer, and transmits them to apparatus. 

Apparatus displays the received help data on the display section (in the case of high- 
order apparatus, in the case of the display section 203 and low rank apparatus, it is the 
display section 303). 

What is necessary is just to perform a required input from a control unit, when a user 
uses a help function succeeding I y. 

An end of offer of help data registers a help offer history into an apparatus information 
data base. 

And a center notifies the end of a help to apparatus. 

[0211] Moreover, it is possible not only a simple help but to offer a tutorial, namely, to 

consider it as the composition which offers operation information. 

This is a function for a user to master the usage of apparatus, and if each portion of 

apparatus is operated, a display and an operation form will change according to the 

situation. 

The protocol in this case is shown in Fig. 62. 

In using a tutorial function, a user performs first operation which starts a tutorial by a 
control unit. 

The apparatus which received the input from a user performs a tutorial start demand to a 
center. 

If it is in the state where a tutorial can be performed, a center will transmit tutorial 
start confirmative advice to apparatus. 



The apparatus which received start confirmative advice displays the message of a tutorial 
start on the display section. 

If a user operates apparatus, apparatus will transmit the contents of operation, and the 
internal state of apparatus to a service center 10. 

A service center 10 determines the data with which the next should be provided based on 
these information. 

And required tutorial data are acquired from the data base for service offer, and it 
transmits to apparatus. 

[0212] Apparatus displays the received tutorial data on the display section. 

What is necessary is just to perform a required input from a control unit, when a user 

uses a tutorial function succeeding I y. 

An end of offer of tutorial data registers a tutorial offer history into an apparatus 
information data base. 

And a center notifies the end of a tutorial to apparatus. 

[0213] It has explained in detail about this invention, referring to a specific case of 
the operation above. 

However, it is obvious that this contractor can accomplish correction and substitution of 
this case of the operation in the range which does not deviate from the summary of this 
invention. 

That is, with the form of illustration, this invention has been indicated and it should 
not be interpreted restr ictively. 

In order to judge the summary of this invention, you should gj the column of the claim 
indicated at the beginning 3 times. 

[0214] As beyond the [effect of invention] has explained, according to the service offer 
system through the means of communication of this invention, the service offer method, 
service agency equipment, and the program offer medium 

It becomes possible to receive the information from a service center from the high-order 
apparatus which has a means of communication through a local network or an information 
recording medium, even when apparatus is a service center and the composition which does 
not make direct connection. 

It is not necessary for all the required control I ed-system apparatus (low rank apparatus), 
such as control and a maintenance, to constitute the means of communication of the 
communication interface for connecting with an external network etc. 
[0215] According to the service offer system through the means of communication of this 
invention, the service offer method, service agency equipment, and the program offer 
medium, further 

Even if it is the composition that required control I ed-system apparatus (low rank 
apparatus), such as control and a maintenance, is not equipped with an encryption function 



In order to perform communications processing with a service center after the high-order 
apparatus which can communicate enciphers data through control I ed-system apparatus (low 
rank apparatus), a local network, or an information recording medium, 
Even if it goes via the public network where the safety of communication data is not 
guaranteed, prevention of disclosure of important information, such as personal 
information which is needed in order to offer control information or control information, 
is attained. 



